12711: update upstream mtls patch

shreemaan-abhishek · shreemaan-abhishek · commit c1965ad816f1 · 2025-02-04T19:47:53.000+05:45
diff --git a/patch/1.27.1.1/nginx-upstream_mtls.patch b/patch/1.27.1.1/nginx-upstream_mtls.patch
@@ -1,5 +1,5 @@
 diff --git src/http/ngx_http_upstream.c src/http/ngx_http_upstream.c
-index 2be233c..78474f3 100644
+index 2be233c..06bbbb9 100644
 --- src/http/ngx_http_upstream.c
 +++ src/http/ngx_http_upstream.c
 @@ -8,6 +8,9 @@
@@ -12,7 +12,20 @@ index 2be233c..78474f3 100644
  
  
  #if (NGX_HTTP_CACHE)
-@@ -1756,6 +1759,10 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
+@@ -1713,8 +1716,11 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
+                                            NGX_HTTP_INTERNAL_SERVER_ERROR);
+         return;
+     }
+-
++#if (NGX_HTTP_APISIX)
++    if (u->conf->ssl_server_name || ngx_http_apisix_get_upstream_ssl_verify(r, u->conf->ssl_verify)) {
++#else
+     if (u->conf->ssl_server_name || u->conf->ssl_verify) {
++#endif
+         if (ngx_http_upstream_ssl_name(r, u, c) != NGX_OK) {
+             ngx_http_upstream_finalize_request(r, u,
+                                                NGX_HTTP_INTERNAL_SERVER_ERROR);
+@@ -1756,6 +1762,10 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
  
      r->connection->log->action = "SSL handshaking to upstream";
  
@@ -23,3 +36,15 @@ index 2be233c..78474f3 100644
      rc = ngx_ssl_handshake(c);
  
      if (rc == NGX_AGAIN) {
+@@ -1803,7 +1813,11 @@ ngx_http_upstream_ssl_handshake(ngx_http_request_t *r, ngx_http_upstream_t *u,
+ 
+     if (c->ssl->handshaked) {
+ 
++#if (NGX_HTTP_APISIX)
++        if (ngx_http_apisix_get_upstream_ssl_verify(r, u->conf->ssl_verify)) {
++#else
+         if (u->conf->ssl_verify) {
++#endif
+             rc = SSL_get_verify_result(c->ssl->connection);
+ 
+             if (rc != X509_V_OK) {
