details:
https://github.com/nginx/njs/commit/f2955c8b25873d06527815a98e10e487cc1d55cf
branches: master
commit: f2955c8b25873d06527815a98e10e487cc1d55cf
user: Dmitry Volyntsev <xei...@nginx.com>
date: Mon, 2 Dec 2024 18:46:45 -0800
description:
Fetch: optimized use of SSL contexts.
To ensure optimal use of memory, SSL contexts for ngx.fetch() are now
inherited from previous levels as long as relevant js_fetch_* directives
are not redefined.
---
nginx/ngx_js.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 51 insertions(+), 5 deletions(-)
diff --git a/nginx/ngx_js.c b/nginx/ngx_js.c
index 05f6aa7e..12b577a2 100644
--- a/nginx/ngx_js.c
+++ b/nginx/ngx_js.c
@@ -3946,19 +3946,60 @@ ngx_js_create_conf(ngx_conf_t *cf, size_t size)
#if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL)
+static ngx_int_t
+ngx_js_merge_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf,
+ ngx_js_loc_conf_t *prev)
+{
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET
+ && conf->ssl_trusted_certificate.data == NULL)
+ {
+ if (prev->ssl) {
+ conf->ssl = prev->ssl;
+ return NGX_OK;
+ }
+
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->ssl == NULL) {
+ return NGX_ERROR;
+ }
+
+ conf->ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->ssl = conf->ssl;
+ }
+
+ return NGX_OK;
+}
+
+
static char *
ngx_js_set_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf)
{
ngx_ssl_t *ssl;
ngx_pool_cleanup_t *cln;
- ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (ssl == NULL) {
- return NGX_CONF_ERROR;
+ if (conf->ssl->ctx) {
+ return NGX_OK;
}
- conf->ssl = ssl;
- ssl->log = cf->log;
+ ssl = conf->ssl;
if (ngx_ssl_create(ssl, conf->ssl_protocols, NULL) != NGX_OK) {
return NGX_CONF_ERROR;
@@ -4013,6 +4054,11 @@ ngx_js_merge_conf(ngx_conf_t *cf, void *parent, void
*child,
}
#if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL)
+
+ if (ngx_js_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
