From afe5753fa59cecf142df233c888d478592ddce2c Mon Sep 17 00:00:00 2001 From: "Kanaga Vasantharaj (WIPRO LIMITED)" Date: Thu, 3 Jul 2025 15:42:03 +0530 Subject: [PATCH] changes made in upstream --- src/http/modules/ngx_http_ssl_module.c | 72 --------------------- src/http/ngx_http_upstream.c | 87 ++++++++++++++++++++++---- 2 files changed, 74 insertions(+), 85 deletions(-) diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 22a280fb3..fa61dc3b6 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -40,17 +40,6 @@ static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child); -u_char *ngx_ssl_get_backend_protocol(ngx_connection_t *c); -u_char *ngx_ssl_get_backend_cipher(ngx_connection_t *c); - -static ngx_int_t ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r, - ngx_http_variable_value_t *v, - uintptr_t data); - -static ngx_int_t ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r, - ngx_http_variable_value_t *v, - uintptr_t data); - static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, ngx_http_ssl_srv_conf_t *conf); @@ -344,61 +333,6 @@ ngx_module_t ngx_http_ssl_module = { NGX_MODULE_V1_PADDING }; -static ngx_int_t -ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r, - ngx_http_variable_value_t *v, - uintptr_t data) -{ - ngx_http_upstream_state_t *state; - - if (r == NULL || r->upstream_states == NULL) { - v->not_found = 1; - return NGX_OK; - } - - state = r->upstream_states->elts; - - if (state[0].backend_ssl_cipher.data) { - v->len = state[0].backend_ssl_cipher.len; - v->valid = 1; - v->no_cacheable = 0; - v->not_found = 0; - v->data = state[0].backend_ssl_cipher.data; - } else { - v->not_found = 1; - } - - return NGX_OK; -} - -static ngx_int_t -ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r, - ngx_http_variable_value_t *v, - uintptr_t data) -{ - ngx_http_upstream_state_t *state; - - if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) { - v->not_found = 1; - return NGX_OK; - } - - state = r->upstream_states->elts; - - if (state[0].backend_ssl_protocol.data) { - v->data = state[0].backend_ssl_protocol.data; - v->len = state[0].backend_ssl_protocol.len; - v->valid = 1; - v->no_cacheable = 0; - v->not_found = 0; - - } else { - v->not_found = 1; - } - - return NGX_OK; -} - static ngx_http_variable_t ngx_http_ssl_vars[] = { { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable, @@ -406,12 +340,6 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = { { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, - - { ngx_string("backend_ssl_protocol"), NULL, - ngx_http_variable_backend_ssl_protocol, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, - - { ngx_string("backend_ssl_cipher"), NULL, - ngx_http_variable_backend_ssl_cipher, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, { ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 }, diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index 10bb23224..750be18d5 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -169,6 +169,10 @@ static ngx_int_t ngx_http_upstream_trailer_variable(ngx_http_request_t *r, static ngx_int_t ngx_http_upstream_cookie_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_upstream_backend_ssl_cipher(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_upstream_backend_ssl_protocol(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static char *ngx_http_upstream(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy); static char *ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); @@ -408,6 +412,14 @@ static ngx_http_variable_t ngx_http_upstream_vars[] = { { ngx_string("upstream_status"), NULL, ngx_http_upstream_status_variable, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("backend_ssl_protocol"), NULL, + ngx_http_upstream_backend_ssl_protocol, 0, + NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("backend_ssl_cipher"), NULL, + ngx_http_upstream_backend_ssl_cipher, 0, + NGX_HTTP_VAR_NOCACHEABLE, 0 }, { ngx_string("upstream_connect_time"), NULL, ngx_http_upstream_response_time_variable, 2, @@ -1824,22 +1836,20 @@ ngx_http_upstream_ssl_handshake_handler(ngx_connection_t *c) if (r->upstream_states && r->upstream_states->nelts > 0) { ngx_http_upstream_state_t *state = r->upstream_states->elts; - state[0].backend_ssl_protocol.len = ngx_strlen(proto); - state[0].backend_ssl_protocol.data = ngx_pnalloc(r->pool, state[0].backend_ssl_protocol.len); - if (state[0].backend_ssl_protocol.data) { - ngx_memcpy(state[0].backend_ssl_protocol.data, proto, state[0].backend_ssl_protocol.len); - } + state->backend_ssl_protocol.len = ngx_strlen(proto); + state->backend_ssl_protocol.data = ngx_pnalloc(r->pool, state->backend_ssl_protocol.len); + if (state->backend_ssl_protocol.data) { + ngx_memcpy(state->backend_ssl_protocol.data, proto, state->backend_ssl_protocol.len); + } - state[0].backend_ssl_cipher.len = ngx_strlen(cipher); - state[0].backend_ssl_cipher.data = ngx_pnalloc(r->pool, state[0].backend_ssl_cipher.len); - if (state[0].backend_ssl_cipher.data) { - ngx_memcpy(state[0].backend_ssl_cipher.data, cipher, state[0].backend_ssl_cipher.len); + state->backend_ssl_cipher.len = ngx_strlen(cipher); + state->backend_ssl_cipher.data = ngx_pnalloc(r->pool, state->backend_ssl_cipher.len); + if (state->backend_ssl_cipher.data) { + ngx_memcpy(state->backend_ssl_cipher.data, cipher, state->backend_ssl_cipher.len); } } - } - - ngx_http_upstream_ssl_handshake(r, u, c); - + ngx_http_upstream_ssl_handshake(r, u, c); + } ngx_http_run_posted_requests(c); } @@ -1893,6 +1903,57 @@ failed: ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); } +static ngx_int_t +ngx_http_upstream_backend_ssl_cipher(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data) +{ + if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) { + v->not_found = 1; + return NGX_OK; + } + + ngx_http_upstream_state_t *state = r->upstream_states->elts; + + if (state->backend_ssl_cipher.data == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->data = state->backend_ssl_cipher.data; + v->len = state->backend_ssl_cipher.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + + return NGX_OK; +} + +static ngx_int_t +ngx_http_upstream_backend_ssl_protocol(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data) +{ + if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) { + v->not_found = 1; + return NGX_OK; + } + + ngx_http_upstream_state_t *state = r->upstream_states->elts; + + if (state->backend_ssl_protocol.data == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->data = state->backend_ssl_protocol.data; + v->len = state->backend_ssl_protocol.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + + return NGX_OK; +} static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c)