mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-08-05 05:56:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

changes made for http

Browse Source
This commit is contained in:
Kanaga Vasantharaj (WIPRO LIMITED) 2025-07-02 18:21:31 +05:30
parent d1843e1d9b
commit 661db9263f
3 changed files with 125 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
src/http/modules/ngx_http_ssl_module.c
View File

@ -39,6 +39,17 @@ static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
void *parent, void *child); void *parent, void *child);
u_char *ngx_ssl_get_backend_protocol(ngx_connection_t *c);
u_char *ngx_ssl_get_backend_cipher(ngx_connection_t *c);
static ngx_int_t ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r,
ngx_http_variable_value_t *v,
uintptr_t data);
static ngx_int_t ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r,
ngx_http_variable_value_t *v,
uintptr_t data);
static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
ngx_http_ssl_srv_conf_t *conf); ngx_http_ssl_srv_conf_t *conf);
@ -302,7 +313,6 @@ static ngx_command_t ngx_http_ssl_commands[] = {
ngx_null_command ngx_null_command
}; };
static ngx_http_module_t ngx_http_ssl_module_ctx = { static ngx_http_module_t ngx_http_ssl_module_ctx = {
ngx_http_ssl_add_variables, /* preconfiguration */ ngx_http_ssl_add_variables, /* preconfiguration */
ngx_http_ssl_init, /* postconfiguration */ ngx_http_ssl_init, /* postconfiguration */
@ -333,6 +343,60 @@ ngx_module_t ngx_http_ssl_module = {
NGX_MODULE_V1_PADDING NGX_MODULE_V1_PADDING
}; };
static ngx_int_t
ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r,
ngx_http_variable_value_t *v,
uintptr_t data)
{
ngx_http_upstream_state_t *state;
if (r == NULL || r->upstream_states == NULL) {
v->not_found = 1;
return NGX_OK;
}
state = r->upstream_states->elts;
if (state[0].backend_ssl_cipher.data) {
v->len = state[0].backend_ssl_cipher.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
v->data = state[0].backend_ssl_cipher.data;
} else {
v->not_found = 1;
}
return NGX_OK;
}
static ngx_int_t
ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r,
ngx_http_variable_value_t *v,
uintptr_t data)
{
ngx_http_upstream_state_t *state;
if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) {
v->not_found = 1;
return NGX_OK;
}
state = r->upstream_states->elts;
if (state[0].backend_ssl_protocol.data) {
v->data = state[0].backend_ssl_protocol.data;
v->len = state[0].backend_ssl_protocol.len;
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
} else {
v->not_found = 1;
}
return NGX_OK;
}
static ngx_http_variable_t ngx_http_ssl_vars[] = { static ngx_http_variable_t ngx_http_ssl_vars[] = {
@ -341,6 +405,12 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = {
{ ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
(uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
{ ngx_string("backend_ssl_protocol"), NULL,
ngx_http_variable_backend_ssl_protocol, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("backend_ssl_cipher"), NULL,
ngx_http_variable_backend_ssl_cipher, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
{ ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable, { ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 }, (uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 },
@ -908,6 +978,37 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_OK; return NGX_CONF_OK;
} }
u_char *
ngx_ssl_get_backend_cipher(ngx_connection_t *c)
{
const SSL_CIPHER *cipher;
const char *name;
if (c == NULL || c->ssl == NULL || c->ssl->connection == NULL) {
return NULL;
}
cipher = SSL_get_current_cipher(c->ssl->connection);
if (cipher == NULL) {
return NULL;
}
name = SSL_CIPHER_get_name(cipher);
return (u_char *) name;
}
u_char *
ngx_ssl_get_backend_protocol(ngx_connection_t *c)
{
const char *proto;
if (c == NULL || c->ssl == NULL || c->ssl->connection == NULL) {
return NULL;
}
proto = SSL_get_version(c->ssl->connection);
return (u_char *) proto;
}
static ngx_int_t static ngx_int_t
ngx_http_ssl_compile_certificates(ngx_conf_t *cf, ngx_http_ssl_compile_certificates(ngx_conf_t *cf,

29
src/http/ngx_http_upstream.c
View File

@ -1812,18 +1812,32 @@ ngx_http_upstream_ssl_handshake_handler(ngx_connection_t *c)
ngx_http_upstream_t *u; ngx_http_upstream_t *u;
r = c->data; r = c->data;
u = r->upstream; u = r->upstream;
c = r->connection;
if (c->ssl && c->ssl->handshaked) {
SSL *ssl_conn = c->ssl->connection;
ngx_http_set_log_request(c->log, r); const char *proto = SSL_get_version(ssl_conn);
const char *cipher = SSL_get_cipher_name(ssl_conn);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, if (r->upstream_states && r->upstream_states->nelts > 0) {
"http upstream ssl handshake: \"%V?%V\"", ngx_http_upstream_state_t *state = r->upstream_states->elts;
&r->uri, &r->args);
ngx_http_upstream_ssl_handshake(r, u, u->peer.connection); state[0].backend_ssl_protocol.len = ngx_strlen(proto);
state[0].backend_ssl_protocol.data = ngx_pnalloc(r->pool, state[0].backend_ssl_protocol.len);
if (state[0].backend_ssl_protocol.data) {
ngx_memcpy(state[0].backend_ssl_protocol.data, proto, state[0].backend_ssl_protocol.len);
}
state[0].backend_ssl_cipher.len = ngx_strlen(cipher);
state[0].backend_ssl_cipher.data = ngx_pnalloc(r->pool, state[0].backend_ssl_cipher.len);
if (state[0].backend_ssl_cipher.data) {
ngx_memcpy(state[0].backend_ssl_cipher.data, cipher, state[0].backend_ssl_cipher.len);
}
}
}
ngx_http_upstream_ssl_handshake(r, u, c);
ngx_http_run_posted_requests(c); ngx_http_run_posted_requests(c);
} }
@ -2577,7 +2591,6 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u)
if (ngx_http_upstream_process_headers(r, u) != NGX_OK) { if (ngx_http_upstream_process_headers(r, u) != NGX_OK) {
return; return;
} }
ngx_http_upstream_send_response(r, u); ngx_http_upstream_send_response(r, u);
} }

3
src/http/ngx_http_upstream.h
View File

@ -61,6 +61,8 @@ typedef struct {
ngx_uint_t status; ngx_uint_t status;
ngx_msec_t response_time; ngx_msec_t response_time;
ngx_msec_t connect_time; ngx_msec_t connect_time;
ngx_str_t backend_ssl_protocol;
ngx_str_t backend_ssl_cipher;
ngx_msec_t header_time; ngx_msec_t header_time;
ngx_msec_t queue_time; ngx_msec_t queue_time;
off_t response_length; off_t response_length;
@ -267,7 +269,6 @@ typedef struct {
ngx_uint_t redirect; /* unsigned redirect:1; */ ngx_uint_t redirect; /* unsigned redirect:1; */
} ngx_http_upstream_header_t; } ngx_http_upstream_header_t;
typedef struct { typedef struct {
ngx_list_t headers; ngx_list_t headers;
ngx_list_t trailers; ngx_list_t trailers;