nxt_conf_validation.c (1936:953434450ea9) nxt_conf_validation.c (1942:296628096d6c)
1
2/*
3 * Copyright (C) Valentin V. Bartenev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 85 unchanged lines hidden (view full) ---

94 nxt_conf_value_t *value, void *data);
95#endif
96static nxt_int_t nxt_conf_vldt_certificate_element(nxt_conf_validation_t *vldt,
97 nxt_conf_value_t *value);
98static nxt_int_t nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt,
99 nxt_conf_value_t *value, void *data);
100static nxt_int_t nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt,
101 nxt_conf_value_t *value, void *data);
1
2/*
3 * Copyright (C) Valentin V. Bartenev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 85 unchanged lines hidden (view full) ---

94 nxt_conf_value_t *value, void *data);
95#endif
96static nxt_int_t nxt_conf_vldt_certificate_element(nxt_conf_validation_t *vldt,
97 nxt_conf_value_t *value);
98static nxt_int_t nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt,
99 nxt_conf_value_t *value, void *data);
100static nxt_int_t nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt,
101 nxt_conf_value_t *value, void *data);
102#if (NXT_HAVE_OPENSSL_TLSEXT)
103static nxt_int_t nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt,
104 nxt_conf_value_t *value, void *data);
105static nxt_int_t nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
106 nxt_conf_value_t *value);
102#endif
107#endif
108#endif
103static nxt_int_t nxt_conf_vldt_action(nxt_conf_validation_t *vldt,
104 nxt_conf_value_t *value, void *data);
105static nxt_int_t nxt_conf_vldt_pass(nxt_conf_validation_t *vldt,
106 nxt_conf_value_t *value, void *data);
107static nxt_int_t nxt_conf_vldt_return(nxt_conf_validation_t *vldt,
108 nxt_conf_value_t *value, void *data);
109static nxt_int_t nxt_conf_vldt_proxy(nxt_conf_validation_t *vldt,
110 nxt_conf_value_t *value, void *data);

--- 312 unchanged lines hidden (view full) ---

423 {
424 .name = nxt_string("cache_size"),
425 .type = NXT_CONF_VLDT_INTEGER,
426 .validator = nxt_conf_vldt_tls_cache_size,
427 }, {
428 .name = nxt_string("timeout"),
429 .type = NXT_CONF_VLDT_INTEGER,
430 .validator = nxt_conf_vldt_tls_timeout,
109static nxt_int_t nxt_conf_vldt_action(nxt_conf_validation_t *vldt,
110 nxt_conf_value_t *value, void *data);
111static nxt_int_t nxt_conf_vldt_pass(nxt_conf_validation_t *vldt,
112 nxt_conf_value_t *value, void *data);
113static nxt_int_t nxt_conf_vldt_return(nxt_conf_validation_t *vldt,
114 nxt_conf_value_t *value, void *data);
115static nxt_int_t nxt_conf_vldt_proxy(nxt_conf_validation_t *vldt,
116 nxt_conf_value_t *value, void *data);

--- 312 unchanged lines hidden (view full) ---

429 {
430 .name = nxt_string("cache_size"),
431 .type = NXT_CONF_VLDT_INTEGER,
432 .validator = nxt_conf_vldt_tls_cache_size,
433 }, {
434 .name = nxt_string("timeout"),
435 .type = NXT_CONF_VLDT_INTEGER,
436 .validator = nxt_conf_vldt_tls_timeout,
437 }, {
438 .name = nxt_string("tickets"),
439 .type = NXT_CONF_VLDT_STRING
440 | NXT_CONF_VLDT_ARRAY
441 | NXT_CONF_VLDT_BOOLEAN,
442#if (NXT_HAVE_OPENSSL_TLSEXT)
443 .validator = nxt_conf_vldt_ticket_key,
444#else
445 .validator = nxt_conf_vldt_unsupported,
446 .u.string = "tickets",
447#endif
431 },
432
433 NXT_CONF_VLDT_END
434};
435
436
437static nxt_int_t
438nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt,

--- 25 unchanged lines hidden (view full) ---

464 "greater than zero.");
465 }
466
467 return NXT_OK;
468}
469
470#endif
471
448 },
449
450 NXT_CONF_VLDT_END
451};
452
453
454static nxt_int_t
455nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt,

--- 25 unchanged lines hidden (view full) ---

481 "greater than zero.");
482 }
483
484 return NXT_OK;
485}
486
487#endif
488
489#if (NXT_HAVE_OPENSSL_TLSEXT)
472
490
491static nxt_int_t
492nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt, nxt_conf_value_t *value,
493 void *data)
494{
495 if (nxt_conf_type(value) == NXT_CONF_BOOLEAN) {
496 return NXT_OK;
497 }
498
499 if (nxt_conf_type(value) == NXT_CONF_ARRAY) {
500 return nxt_conf_vldt_array_iterator(vldt, value,
501 &nxt_conf_vldt_ticket_key_element);
502 }
503
504 /* NXT_CONF_STRING */
505
506 return nxt_conf_vldt_ticket_key_element(vldt, value);
507}
508
509
510static nxt_int_t
511nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
512 nxt_conf_value_t *value)
513{
514 nxt_str_t key;
515 nxt_int_t ret;
516
517 if (nxt_conf_type(value) != NXT_CONF_STRING) {
518 return nxt_conf_vldt_error(vldt, "The \"key\" array must "
519 "contain only string values.");
520 }
521
522 nxt_conf_get_string(value, &key);
523
524 ret = nxt_openssl_base64_decode(NULL, 0, key.start, key.length);
525 if (nxt_slow_path(ret == NXT_ERROR)) {
526 return NXT_ERROR;
527 }
528
529 if (ret == NXT_DECLINED) {
530 return nxt_conf_vldt_error(vldt, "Invalid Base64 format for the ticket "
531 "key \"%V\".", &key);
532 }
533
534 if (ret != 48 && ret != 80) {
535 return nxt_conf_vldt_error(vldt, "Invalid length %d of the ticket "
536 "key \"%V\". Must be 48 or 80 bytes.",
537 ret, &key);
538 }
539
540 return NXT_OK;
541}
542
543#endif
544
545
473static nxt_conf_vldt_object_t nxt_conf_vldt_route_members[] = {
474 {
475 .name = nxt_string("match"),
476 .type = NXT_CONF_VLDT_OBJECT,
477 .validator = nxt_conf_vldt_object,
478 .u.members = nxt_conf_vldt_match_members,
479 }, {
480 .name = nxt_string("action"),

--- 2361 unchanged lines hidden ---
546static nxt_conf_vldt_object_t nxt_conf_vldt_route_members[] = {
547 {
548 .name = nxt_string("match"),
549 .type = NXT_CONF_VLDT_OBJECT,
550 .validator = nxt_conf_vldt_object,
551 .u.members = nxt_conf_vldt_match_members,
552 }, {
553 .name = nxt_string("action"),

--- 2361 unchanged lines hidden ---