nginxtra 1.6.3.9 → 1.8.0.9

data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c

@@ -231,7 +231,7 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data)
 
     next:
 
-        if (++iphp->tries >= 20) {
+        if (++iphp->tries > 20) {
             return iphp->get_rr_peer(pc, &iphp->rrp);
         }
     }

data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c

@@ -79,7 +79,7 @@ static char *ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd,
 static ngx_command_t  ngx_http_upstream_keepalive_commands[] = {
 
     { ngx_string("keepalive"),
-      NGX_HTTP_UPS_CONF|NGX_CONF_TAKE12,
+      NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
       ngx_http_upstream_keepalive,
       NGX_HTTP_SRV_CONF_OFFSET,
       0,
@@ -248,6 +248,7 @@ ngx_http_upstream_get_keepalive_peer(ngx_peer_connection_t *pc, void *data)
                            "get keepalive peer: using connection %p", c);
 
             c->idle = 0;
+            c->sent = 0;
             c->log = pc->log;
             c->read->log = pc->log;
             c->write->log = pc->log;
@@ -386,7 +387,7 @@ ngx_http_upstream_keepalive_close_handler(ngx_event_t *ev)
     n = recv(c->fd, buf, 1, MSG_PEEK);
 
     if (n == -1 && ngx_socket_errno == NGX_EAGAIN) {
-        /* stale event */
+        ev->ready = 0;
 
         if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
             goto close;
@@ -485,7 +486,6 @@ ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     ngx_int_t    n;
     ngx_str_t   *value;
-    ngx_uint_t   i;
 
     uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
 
@@ -514,23 +514,5 @@ ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     kcf->max_cached = n;
 
-    for (i = 2; i < cf->args->nelts; i++) {
-
-        if (ngx_strcmp(value[i].data, "single") == 0) {
-            ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
-                               "the \"single\" parameter is deprecated");
-            continue;
-        }
-
-        goto invalid;
-    }
-
     return NGX_CONF_OK;
-
-invalid:
-
-    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-                       "invalid parameter \"%V\"", &value[i]);
-
-    return NGX_CONF_ERROR;
 }

data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c

@@ -299,10 +299,6 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
     lcp->rrp.tried[n] |= m;
     lcp->conns[p]++;
 
-    if (pc->tries == 1 && peers->next) {
-        pc->tries += peers->next->number;
-    }
-
     return NGX_OK;
 
 failed:
@@ -314,7 +310,6 @@ failed:
         lcp->conns += peers->number;
 
         lcp->rrp.peers = peers->next;
-        pc->tries = lcp->rrp.peers->number;
 
         n = (lcp->rrp.peers->number + (8 * sizeof(uintptr_t) - 1))
                 / (8 * sizeof(uintptr_t));

data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c

@@ -13,15 +13,27 @@
 
 
 typedef struct {
-    ngx_http_upstream_conf_t   upstream;
+    ngx_array_t                caches;  /* ngx_http_file_cache_t * */
+} ngx_http_uwsgi_main_conf_t;
+
 
+typedef struct {
     ngx_array_t               *flushes;
-    ngx_array_t               *params_len;
-    ngx_array_t               *params;
-    ngx_array_t               *params_source;
+    ngx_array_t               *lengths;
+    ngx_array_t               *values;
+    ngx_uint_t                 number;
+    ngx_hash_t                 hash;
+} ngx_http_uwsgi_params_t;
 
-    ngx_hash_t                 headers_hash;
-    ngx_uint_t                 header_params;
+
+typedef struct {
+    ngx_http_upstream_conf_t   upstream;
+
+    ngx_http_uwsgi_params_t    params;
+#if (NGX_HTTP_CACHE)
+    ngx_http_uwsgi_params_t    params_cache;
+#endif
+    ngx_array_t               *params_source;
 
     ngx_array_t               *uwsgi_lengths;
     ngx_array_t               *uwsgi_values;
@@ -39,6 +51,12 @@ typedef struct {
     ngx_uint_t                 ssl;
     ngx_uint_t                 ssl_protocols;
     ngx_str_t                  ssl_ciphers;
+    ngx_uint_t                 ssl_verify_depth;
+    ngx_str_t                  ssl_trusted_certificate;
+    ngx_str_t                  ssl_crl;
+    ngx_str_t                  ssl_certificate;
+    ngx_str_t                  ssl_certificate_key;
+    ngx_array_t               *ssl_passwords;
 #endif
 } ngx_http_uwsgi_loc_conf_t;
 
@@ -53,11 +71,13 @@ static void ngx_http_uwsgi_abort_request(ngx_http_request_t *r);
 static void ngx_http_uwsgi_finalize_request(ngx_http_request_t *r,
     ngx_int_t rc);
 
+static void *ngx_http_uwsgi_create_main_conf(ngx_conf_t *cf);
 static void *ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf);
 static char *ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent,
     void *child);
-static ngx_int_t ngx_http_uwsgi_merge_params(ngx_conf_t *cf,
-    ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_loc_conf_t *prev);
+static ngx_int_t ngx_http_uwsgi_init_params(ngx_conf_t *cf,
+    ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_params_t *params,
+    ngx_keyval_t *default_params);
 
 static char *ngx_http_uwsgi_pass(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
@@ -73,6 +93,8 @@ static char *ngx_http_uwsgi_cache_key(ngx_conf_t *cf, ngx_command_t *cmd,
 #endif
 
 #if (NGX_HTTP_SSL)
+static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
+    ngx_command_t *cmd, void *conf);
 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
     ngx_http_uwsgi_loc_conf_t *uwcf);
 #endif
@@ -158,6 +180,13 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
       offsetof(ngx_http_uwsgi_loc_conf_t, upstream.buffering),
       NULL },
 
+    { ngx_string("uwsgi_request_buffering"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.request_buffering),
+      NULL },
+
     { ngx_string("uwsgi_ignore_client_abort"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
       ngx_conf_set_flag_slot,
@@ -235,6 +264,20 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
       offsetof(ngx_http_uwsgi_loc_conf_t, upstream.busy_buffers_size_conf),
       NULL },
 
+    { ngx_string("uwsgi_force_ranges"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.force_ranges),
+      NULL },
+
+    { ngx_string("uwsgi_limit_rate"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_size_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.limit_rate),
+      NULL },
+
 #if (NGX_HTTP_CACHE)
 
     { ngx_string("uwsgi_cache"),
@@ -254,8 +297,8 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
     { ngx_string("uwsgi_cache_path"),
       NGX_HTTP_MAIN_CONF|NGX_CONF_2MORE,
       ngx_http_file_cache_set_slot,
-      0,
-      0,
+      NGX_HTTP_MAIN_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_main_conf_t, caches),
       &ngx_http_uwsgi_module },
 
     { ngx_string("uwsgi_cache_bypass"),
@@ -314,6 +357,13 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
       offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_lock_timeout),
       NULL },
 
+    { ngx_string("uwsgi_cache_lock_age"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_msec_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_lock_age),
+      NULL },
+
     { ngx_string("uwsgi_cache_revalidate"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
       ngx_conf_set_flag_slot,
@@ -351,6 +401,20 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
       offsetof(ngx_http_uwsgi_loc_conf_t, upstream.next_upstream),
       &ngx_http_uwsgi_next_upstream_masks },
 
+    { ngx_string("uwsgi_next_upstream_tries"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.next_upstream_tries),
+      NULL },
+
+    { ngx_string("uwsgi_next_upstream_timeout"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_msec_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.next_upstream_timeout),
+      NULL },
+
     { ngx_string("uwsgi_param"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE23,
       ngx_http_upstream_param_set_slot,
@@ -409,6 +473,69 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
       offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers),
       NULL },
 
+    { ngx_string("uwsgi_ssl_name"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_http_set_complex_value_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_name),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_server_name"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_server_name),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_verify"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_verify),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_verify_depth"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_num_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, ssl_verify_depth),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_trusted_certificate"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, ssl_trusted_certificate),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_crl"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_certificate"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_certificate_key"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key),
+      NULL },
+
+    { ngx_string("uwsgi_ssl_password_file"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_http_uwsgi_ssl_password_file,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
 #endif
 
       ngx_null_command
@@ -419,7 +546,7 @@ static ngx_http_module_t ngx_http_uwsgi_module_ctx = {
     NULL,                                  /* preconfiguration */
     NULL,                                  /* postconfiguration */
 
-    NULL,                                  /* create main configuration */
+    ngx_http_uwsgi_create_main_conf,       /* create main configuration */
     NULL,                                  /* init main configuration */
 
     NULL,                                  /* create server configuration */
@@ -462,7 +589,7 @@ static ngx_keyval_t  ngx_http_uwsgi_cache_headers[] = {
     { ngx_string("HTTP_IF_MODIFIED_SINCE"),
       ngx_string("$upstream_cache_last_modified") },
     { ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") },
-    { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") },
+    { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") },
     { ngx_string("HTTP_IF_MATCH"), ngx_string("") },
     { ngx_string("HTTP_RANGE"), ngx_string("") },
     { ngx_string("HTTP_IF_RANGE"), ngx_string("") },
@@ -480,10 +607,13 @@ static ngx_path_init_t ngx_http_uwsgi_temp_path = {
 static ngx_int_t
 ngx_http_uwsgi_handler(ngx_http_request_t *r)
 {
-    ngx_int_t                   rc;
-    ngx_http_status_t          *status;
-    ngx_http_upstream_t        *u;
-    ngx_http_uwsgi_loc_conf_t  *uwcf;
+    ngx_int_t                    rc;
+    ngx_http_status_t           *status;
+    ngx_http_upstream_t         *u;
+    ngx_http_uwsgi_loc_conf_t   *uwcf;
+#if (NGX_HTTP_CACHE)
+    ngx_http_uwsgi_main_conf_t  *uwmcf;
+#endif
 
     if (ngx_http_upstream_create(r) != NGX_OK) {
         return NGX_HTTP_INTERNAL_SERVER_ERROR;
@@ -526,8 +656,12 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
     u->conf = &uwcf->upstream;
 
 #if (NGX_HTTP_CACHE)
+    uwmcf = ngx_http_get_module_main_conf(r, ngx_http_uwsgi_module);
+
+    u->caches = &uwmcf->caches;
     u->create_key = ngx_http_uwsgi_create_key;
 #endif
+
     u->create_request = ngx_http_uwsgi_create_request;
     u->reinit_request = ngx_http_uwsgi_reinit_request;
     u->process_header = ngx_http_uwsgi_process_status_line;
@@ -545,6 +679,13 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
     u->pipe->input_filter = ngx_event_pipe_copy_input_filter;
     u->pipe->input_ctx = r;
 
+    if (!uwcf->upstream.request_buffering
+        && uwcf->upstream.pass_request_body
+        && !r->headers_in.chunked)
+    {
+        r->request_body_no_buffering = 1;
+    }
+
     rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init);
 
     if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
@@ -673,6 +814,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
     ngx_chain_t                  *cl, *body;
     ngx_list_part_t              *part;
     ngx_table_elt_t              *header, **ignored;
+    ngx_http_uwsgi_params_t      *params;
     ngx_http_script_code_pt       code;
     ngx_http_script_engine_t      e, le;
     ngx_http_uwsgi_loc_conf_t    *uwcf;
@@ -684,13 +826,19 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
 
     uwcf = ngx_http_get_module_loc_conf(r, ngx_http_uwsgi_module);
 
-    if (uwcf->params_len) {
+#if (NGX_HTTP_CACHE)
+    params = r->upstream->cacheable ? &uwcf->params_cache : &uwcf->params;
+#else
+    params = &uwcf->params;
+#endif
+
+    if (params->lengths) {
         ngx_memzero(&le, sizeof(ngx_http_script_engine_t));
 
-        ngx_http_script_flush_no_cacheable_variables(r, uwcf->flushes);
+        ngx_http_script_flush_no_cacheable_variables(r, params->flushes);
         le.flushed = 1;
 
-        le.ip = uwcf->params_len->elts;
+        le.ip = params->lengths->elts;
         le.request = r;
 
         while (*(uintptr_t *) le.ip) {
@@ -719,7 +867,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
         allocated = 0;
         lowcase_key = NULL;
 
-        if (uwcf->header_params) {
+        if (params->number) {
             n = 0;
             part = &r->headers_in.headers.part;
 
@@ -749,7 +897,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
                 i = 0;
             }
 
-            if (uwcf->header_params) {
+            if (params->number) {
                 if (allocated < header[i].key.len) {
                     allocated = header[i].key.len + 16;
                     lowcase_key = ngx_pnalloc(r->pool, allocated);
@@ -774,7 +922,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
                     lowcase_key[n] = ch;
                 }
 
-                if (ngx_hash_find(&uwcf->headers_hash, hash, lowcase_key, n)) {
+                if (ngx_hash_find(&params->hash, hash, lowcase_key, n)) {
                     ignored[header_params++] = &header[i];
                     continue;
                 }
@@ -813,15 +961,15 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
     *b->last++ = (u_char) ((len >> 8) & 0xff);
     *b->last++ = (u_char) uwcf->modifier2;
 
-    if (uwcf->params_len) {
+    if (params->lengths) {
         ngx_memzero(&e, sizeof(ngx_http_script_engine_t));
 
-        e.ip = uwcf->params->elts;
+        e.ip = params->values->elts;
         e.pos = b->last;
         e.request = r;
         e.flushed = 1;
 
-        le.ip = uwcf->params_len->elts;
+        le.ip = params->lengths->elts;
 
         while (*(uintptr_t *) le.ip) {
 
@@ -934,7 +1082,10 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
     b->last = ngx_copy(b->last, uwcf->uwsgi_string.data,
                        uwcf->uwsgi_string.len);
 
-    if (uwcf->upstream.pass_request_body) {
+    if (r->request_body_no_buffering) {
+        r->upstream->request_bufs = cl;
+
+    } else if (uwcf->upstream.pass_request_body) {
         body = r->upstream->request_bufs;
         r->upstream->request_bufs = cl;
 
@@ -1194,6 +1345,29 @@ ngx_http_uwsgi_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
 }
 
 
+static void *
+ngx_http_uwsgi_create_main_conf(ngx_conf_t *cf)
+{
+    ngx_http_uwsgi_main_conf_t  *conf;
+
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_uwsgi_main_conf_t));
+    if (conf == NULL) {
+        return NULL;
+    }
+
+#if (NGX_HTTP_CACHE)
+    if (ngx_array_init(&conf->caches, cf->pool, 4,
+                       sizeof(ngx_http_file_cache_t *))
+        != NGX_OK)
+    {
+        return NULL;
+    }
+#endif
+
+    return conf;
+}
+
+
 static void *
 ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
 {
@@ -1209,17 +1383,22 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
 
     conf->upstream.store = NGX_CONF_UNSET;
     conf->upstream.store_access = NGX_CONF_UNSET_UINT;
+    conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT;
     conf->upstream.buffering = NGX_CONF_UNSET;
+    conf->upstream.request_buffering = NGX_CONF_UNSET;
     conf->upstream.ignore_client_abort = NGX_CONF_UNSET;
+    conf->upstream.force_ranges = NGX_CONF_UNSET;
 
     conf->upstream.local = NGX_CONF_UNSET_PTR;
 
     conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
     conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
     conf->upstream.read_timeout = NGX_CONF_UNSET_MSEC;
+    conf->upstream.next_upstream_timeout = NGX_CONF_UNSET_MSEC;
 
     conf->upstream.send_lowat = NGX_CONF_UNSET_SIZE;
     conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE;
+    conf->upstream.limit_rate = NGX_CONF_UNSET_SIZE;
 
     conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE;
     conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE;
@@ -1229,13 +1408,14 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
     conf->upstream.pass_request_body = NGX_CONF_UNSET;
 
 #if (NGX_HTTP_CACHE)
-    conf->upstream.cache = NGX_CONF_UNSET_PTR;
+    conf->upstream.cache = NGX_CONF_UNSET;
     conf->upstream.cache_min_uses = NGX_CONF_UNSET_UINT;
     conf->upstream.cache_bypass = NGX_CONF_UNSET_PTR;
     conf->upstream.no_cache = NGX_CONF_UNSET_PTR;
     conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
     conf->upstream.cache_lock = NGX_CONF_UNSET;
     conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
+    conf->upstream.cache_lock_age = NGX_CONF_UNSET_MSEC;
     conf->upstream.cache_revalidate = NGX_CONF_UNSET;
 #endif
 
@@ -1243,8 +1423,13 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
     conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
 
     conf->upstream.intercept_errors = NGX_CONF_UNSET;
+
 #if (NGX_HTTP_SSL)
     conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+    conf->upstream.ssl_server_name = NGX_CONF_UNSET;
+    conf->upstream.ssl_verify = NGX_CONF_UNSET;
+    conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
+    conf->ssl_passwords = NGX_CONF_UNSET_PTR;
 #endif
 
     /* "uwsgi_cyclic_temp_file" is disabled */
@@ -1265,27 +1450,47 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_http_uwsgi_loc_conf_t *conf = child;
 
     size_t                        size;
+    ngx_int_t                     rc;
     ngx_hash_init_t               hash;
     ngx_http_core_loc_conf_t     *clcf;
 
-    if (conf->upstream.store != 0) {
+#if (NGX_HTTP_CACHE)
+
+    if (conf->upstream.store > 0) {
+        conf->upstream.cache = 0;
+    }
+
+    if (conf->upstream.cache > 0) {
+        conf->upstream.store = 0;
+    }
+
+#endif
+
+    if (conf->upstream.store == NGX_CONF_UNSET) {
         ngx_conf_merge_value(conf->upstream.store, prev->upstream.store, 0);
 
-        if (conf->upstream.store_lengths == NULL) {
-            conf->upstream.store_lengths = prev->upstream.store_lengths;
-            conf->upstream.store_values = prev->upstream.store_values;
-        }
+        conf->upstream.store_lengths = prev->upstream.store_lengths;
+        conf->upstream.store_values = prev->upstream.store_values;
     }
 
     ngx_conf_merge_uint_value(conf->upstream.store_access,
                               prev->upstream.store_access, 0600);
 
+    ngx_conf_merge_uint_value(conf->upstream.next_upstream_tries,
+                              prev->upstream.next_upstream_tries, 0);
+
     ngx_conf_merge_value(conf->upstream.buffering,
                               prev->upstream.buffering, 1);
 
+    ngx_conf_merge_value(conf->upstream.request_buffering,
+                              prev->upstream.request_buffering, 1);
+
     ngx_conf_merge_value(conf->upstream.ignore_client_abort,
                               prev->upstream.ignore_client_abort, 0);
 
+    ngx_conf_merge_value(conf->upstream.force_ranges,
+                              prev->upstream.force_ranges, 0);
+
     ngx_conf_merge_ptr_value(conf->upstream.local,
                               prev->upstream.local, NULL);
 
@@ -1298,6 +1503,9 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_msec_value(conf->upstream.read_timeout,
                               prev->upstream.read_timeout, 60000);
 
+    ngx_conf_merge_msec_value(conf->upstream.next_upstream_timeout,
+                              prev->upstream.next_upstream_timeout, 0);
+
     ngx_conf_merge_size_value(conf->upstream.send_lowat,
                               prev->upstream.send_lowat, 0);
 
@@ -1305,6 +1513,9 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
                               prev->upstream.buffer_size,
                               (size_t) ngx_pagesize);
 
+    ngx_conf_merge_size_value(conf->upstream.limit_rate,
+                              prev->upstream.limit_rate, 0);
+
 
     ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
                               8, ngx_pagesize);
@@ -1386,7 +1597,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     }
 
     if (conf->upstream.max_temp_file_size != 0
-        && conf->upstream.max_temp_file_size < size) {
+        && conf->upstream.max_temp_file_size < size)
+    {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
             "\"uwsgi_max_temp_file_size\" must be equal to zero to disable "
             "temporary files usage or must be equal to or greater than "
@@ -1423,13 +1635,18 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 
 #if (NGX_HTTP_CACHE)
 
-    ngx_conf_merge_ptr_value(conf->upstream.cache,
-                              prev->upstream.cache, NULL);
+    if (conf->upstream.cache == NGX_CONF_UNSET) {
+        ngx_conf_merge_value(conf->upstream.cache,
+                              prev->upstream.cache, 0);
 
-    if (conf->upstream.cache && conf->upstream.cache->data == NULL) {
+        conf->upstream.cache_zone = prev->upstream.cache_zone;
+        conf->upstream.cache_value = prev->upstream.cache_value;
+    }
+
+    if (conf->upstream.cache_zone && conf->upstream.cache_zone->data == NULL) {
         ngx_shm_zone_t  *shm_zone;
 
-        shm_zone = conf->upstream.cache;
+        shm_zone = conf->upstream.cache_zone;
 
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "\"uwsgi_cache\" zone \"%V\" is unknown",
@@ -1474,12 +1691,20 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         conf->cache_key = prev->cache_key;
     }
 
+    if (conf->upstream.cache && conf->cache_key.value.data == NULL) {
+        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+                           "no \"uwsgi_cache_key\" for \"uwsgi_cache\"");
+    }
+
     ngx_conf_merge_value(conf->upstream.cache_lock,
                               prev->upstream.cache_lock, 0);
 
     ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
                               prev->upstream.cache_lock_timeout, 5000);
 
+    ngx_conf_merge_msec_value(conf->upstream.cache_lock_age,
+                              prev->upstream.cache_lock_age, 5000);
+
     ngx_conf_merge_value(conf->upstream.cache_revalidate,
                               prev->upstream.cache_revalidate, 0);
 
@@ -1494,6 +1719,7 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->upstream.intercept_errors, 0);
 
 #if (NGX_HTTP_SSL)
+
     ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
                               prev->upstream.ssl_session_reuse, 1);
 
@@ -1505,13 +1731,30 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
                              "DEFAULT");
 
+    if (conf->upstream.ssl_name == NULL) {
+        conf->upstream.ssl_name = prev->upstream.ssl_name;
+    }
+
+    ngx_conf_merge_value(conf->upstream.ssl_server_name,
+                              prev->upstream.ssl_server_name, 0);
+    ngx_conf_merge_value(conf->upstream.ssl_verify,
+                              prev->upstream.ssl_verify, 0);
+    ngx_conf_merge_uint_value(conf->ssl_verify_depth,
+                              prev->ssl_verify_depth, 1);
+    ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
+                              prev->ssl_trusted_certificate, "");
+    ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
+
+    ngx_conf_merge_str_value(conf->ssl_certificate,
+                              prev->ssl_certificate, "");
+    ngx_conf_merge_str_value(conf->ssl_certificate_key,
+                              prev->ssl_certificate_key, "");
+    ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+
     if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
         return NGX_CONF_ERROR;
     }
 
-    if (conf->upstream.ssl == NULL) {
-        conf->upstream.ssl = prev->upstream.ssl;
-    }
 #endif
 
     ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, "");
@@ -1527,88 +1770,91 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         return NGX_CONF_ERROR;
     }
 
-    if (conf->upstream.upstream == NULL) {
+    clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
+
+    if (clcf->noname
+        && conf->upstream.upstream == NULL && conf->uwsgi_lengths == NULL)
+    {
         conf->upstream.upstream = prev->upstream.upstream;
-    }
 
-    if (conf->uwsgi_lengths == NULL) {
         conf->uwsgi_lengths = prev->uwsgi_lengths;
         conf->uwsgi_values = prev->uwsgi_values;
+
+#if (NGX_HTTP_SSL)
+        conf->upstream.ssl = prev->upstream.ssl;
+#endif
     }
 
-    if (conf->upstream.upstream || conf->uwsgi_lengths) {
-        clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
-        if (clcf->handler == NULL && clcf->lmt_excpt) {
-            clcf->handler = ngx_http_uwsgi_handler;
-        }
+    if (clcf->lmt_excpt && clcf->handler == NULL
+        && (conf->upstream.upstream || conf->uwsgi_lengths))
+    {
+        clcf->handler = ngx_http_uwsgi_handler;
     }
 
     ngx_conf_merge_uint_value(conf->modifier1, prev->modifier1, 0);
     ngx_conf_merge_uint_value(conf->modifier2, prev->modifier2, 0);
 
-    if (ngx_http_uwsgi_merge_params(cf, conf, prev) != NGX_OK) {
+    if (conf->params_source == NULL) {
+        conf->params = prev->params;
+#if (NGX_HTTP_CACHE)
+        conf->params_cache = prev->params_cache;
+#endif
+        conf->params_source = prev->params_source;
+    }
+
+    rc = ngx_http_uwsgi_init_params(cf, conf, &conf->params, NULL);
+    if (rc != NGX_OK) {
         return NGX_CONF_ERROR;
     }
 
+#if (NGX_HTTP_CACHE)
+
+    if (conf->upstream.cache) {
+        rc = ngx_http_uwsgi_init_params(cf, conf, &conf->params_cache,
+                                        ngx_http_uwsgi_cache_headers);
+        if (rc != NGX_OK) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+#endif
+
     return NGX_CONF_OK;
 }
 
 
 static ngx_int_t
-ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
-    ngx_http_uwsgi_loc_conf_t *prev)
+ngx_http_uwsgi_init_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
+    ngx_http_uwsgi_params_t *params, ngx_keyval_t *default_params)
 {
     u_char                       *p;
     size_t                        size;
     uintptr_t                    *code;
     ngx_uint_t                    i, nsrc;
-    ngx_array_t                   headers_names;
-#if (NGX_HTTP_CACHE)
-    ngx_array_t                   params_merged;
-#endif
+    ngx_array_t                   headers_names, params_merged;
+    ngx_keyval_t                 *h;
     ngx_hash_key_t               *hk;
     ngx_hash_init_t               hash;
-    ngx_http_upstream_param_t    *src;
+    ngx_http_upstream_param_t    *src, *s;
     ngx_http_script_compile_t     sc;
     ngx_http_script_copy_code_t  *copy;
 
-    if (conf->params_source == NULL) {
-        conf->params_source = prev->params_source;
-
-        if (prev->headers_hash.buckets
-#if (NGX_HTTP_CACHE)
-            && ((conf->upstream.cache == NULL)
-                == (prev->upstream.cache == NULL))
-#endif
-           )
-        {
-            conf->flushes = prev->flushes;
-            conf->params_len = prev->params_len;
-            conf->params = prev->params;
-            conf->headers_hash = prev->headers_hash;
-            conf->header_params = prev->header_params;
-
-            return NGX_OK;
-        }
+    if (params->hash.buckets) {
+        return NGX_OK;
     }
 
-    if (conf->params_source == NULL
-#if (NGX_HTTP_CACHE)
-        && (conf->upstream.cache == NULL)
-#endif
-       )
-    {
-        conf->headers_hash.buckets = (void *) 1;
+    if (conf->params_source == NULL && default_params == NULL) {
+        params->hash.buckets = (void *) 1;
         return NGX_OK;
     }
 
-    conf->params_len = ngx_array_create(cf->pool, 64, 1);
-    if (conf->params_len == NULL) {
+    params->lengths = ngx_array_create(cf->pool, 64, 1);
+    if (params->lengths == NULL) {
         return NGX_ERROR;
     }
 
-    conf->params = ngx_array_create(cf->pool, 512, 1);
-    if (conf->params == NULL) {
+    params->values = ngx_array_create(cf->pool, 512, 1);
+    if (params->values == NULL) {
         return NGX_ERROR;
     }
 
@@ -1627,12 +1873,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
         nsrc = 0;
     }
 
-#if (NGX_HTTP_CACHE)
-
-    if (conf->upstream.cache) {
-        ngx_keyval_t               *h;
-        ngx_http_upstream_param_t  *s;
-
+    if (default_params) {
         if (ngx_array_init(&params_merged, cf->temp_pool, 4,
                            sizeof(ngx_http_upstream_param_t))
             != NGX_OK)
@@ -1650,7 +1891,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
             *s = src[i];
         }
 
-        h = ngx_http_uwsgi_cache_headers;
+        h = default_params;
 
         while (h->key.len) {
 
@@ -1681,8 +1922,6 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
         nsrc = params_merged.nelts;
     }
 
-#endif
-
     for (i = 0; i < nsrc; i++) {
 
         if (src[i].key.len > sizeof("HTTP_") - 1
@@ -1703,7 +1942,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
             }
         }
 
-        copy = ngx_array_push_n(conf->params_len,
+        copy = ngx_array_push_n(params->lengths,
                                 sizeof(ngx_http_script_copy_code_t));
         if (copy == NULL) {
             return NGX_ERROR;
@@ -1712,7 +1951,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
         copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
         copy->len = src[i].key.len;
 
-        copy = ngx_array_push_n(conf->params_len,
+        copy = ngx_array_push_n(params->lengths,
                                 sizeof(ngx_http_script_copy_code_t));
         if (copy == NULL) {
             return NGX_ERROR;
@@ -1726,7 +1965,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
                 + src[i].key.len + sizeof(uintptr_t) - 1)
                & ~(sizeof(uintptr_t) - 1);
 
-        copy = ngx_array_push_n(conf->params, size);
+        copy = ngx_array_push_n(params->values, size);
         if (copy == NULL) {
             return NGX_ERROR;
         }
@@ -1742,15 +1981,15 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
 
         sc.cf = cf;
         sc.source = &src[i].value;
-        sc.flushes = &conf->flushes;
-        sc.lengths = &conf->params_len;
-        sc.values = &conf->params;
+        sc.flushes = &params->flushes;
+        sc.lengths = &params->lengths;
+        sc.values = &params->values;
 
         if (ngx_http_script_compile(&sc) != NGX_OK) {
             return NGX_ERROR;
         }
 
-        code = ngx_array_push_n(conf->params_len, sizeof(uintptr_t));
+        code = ngx_array_push_n(params->lengths, sizeof(uintptr_t));
         if (code == NULL) {
             return NGX_ERROR;
         }
@@ -1758,7 +1997,7 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
         *code = (uintptr_t) NULL;
 
 
-        code = ngx_array_push_n(conf->params, sizeof(uintptr_t));
+        code = ngx_array_push_n(params->values, sizeof(uintptr_t));
         if (code == NULL) {
             return NGX_ERROR;
         }
@@ -1766,16 +2005,16 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
         *code = (uintptr_t) NULL;
     }
 
-    code = ngx_array_push_n(conf->params_len, sizeof(uintptr_t));
+    code = ngx_array_push_n(params->lengths, sizeof(uintptr_t));
     if (code == NULL) {
         return NGX_ERROR;
     }
 
     *code = (uintptr_t) NULL;
 
-    conf->header_params = headers_names.nelts;
+    params->number = headers_names.nelts;
 
-    hash.hash = &conf->headers_hash;
+    hash.hash = &params->hash;
     hash.key = ngx_hash_key_lc;
     hash.max_size = 512;
     hash.bucket_size = 64;
@@ -1803,7 +2042,7 @@ ngx_http_uwsgi_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
         return "is duplicate";
     }
 
-    clcf = ngx_http_conf_get_module_loc_conf (cf, ngx_http_core_module);
+    clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module);
     clcf->handler = ngx_http_uwsgi_handler;
 
     value = cf->args->elts;
@@ -1880,8 +2119,7 @@ ngx_http_uwsgi_store(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     ngx_str_t                  *value;
     ngx_http_script_compile_t   sc;
 
-    if (uwcf->upstream.store != NGX_CONF_UNSET || uwcf->upstream.store_lengths)
-    {
+    if (uwcf->upstream.store != NGX_CONF_UNSET) {
         return "is duplicate";
     }
 
@@ -1894,16 +2132,15 @@ ngx_http_uwsgi_store(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
 #if (NGX_HTTP_CACHE)
 
-    if (uwcf->upstream.cache != NGX_CONF_UNSET_PTR
-        && uwcf->upstream.cache != NULL)
-    {
+    if (uwcf->upstream.cache > 0) {
         return "is incompatible with \"uwsgi_cache\"";
     }
 
 #endif
 
+    uwcf->upstream.store = 1;
+
     if (ngx_strcmp(value[1].data, "on") == 0) {
-        uwcf->upstream.store = 1;
         return NGX_CONF_OK;
     }
 
@@ -1935,26 +2172,53 @@ ngx_http_uwsgi_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
     ngx_http_uwsgi_loc_conf_t *uwcf = conf;
 
-    ngx_str_t  *value;
+    ngx_str_t                         *value;
+    ngx_http_complex_value_t           cv;
+    ngx_http_compile_complex_value_t   ccv;
 
     value = cf->args->elts;
 
-    if (uwcf->upstream.cache != NGX_CONF_UNSET_PTR) {
+    if (uwcf->upstream.cache != NGX_CONF_UNSET) {
         return "is duplicate";
     }
 
     if (ngx_strcmp(value[1].data, "off") == 0) {
-        uwcf->upstream.cache = NULL;
+        uwcf->upstream.cache = 0;
         return NGX_CONF_OK;
     }
 
-    if (uwcf->upstream.store > 0 || uwcf->upstream.store_lengths) {
+    if (uwcf->upstream.store > 0) {
         return "is incompatible with \"uwsgi_store\"";
     }
 
-    uwcf->upstream.cache = ngx_shared_memory_add(cf, &value[1], 0,
-                                                 &ngx_http_uwsgi_module);
-    if (uwcf->upstream.cache == NULL) {
+    uwcf->upstream.cache = 1;
+
+    ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+    ccv.cf = cf;
+    ccv.value = &value[1];
+    ccv.complex_value = &cv;
+
+    if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+        return NGX_CONF_ERROR;
+    }
+
+    if (cv.lengths != NULL) {
+
+        uwcf->upstream.cache_value = ngx_palloc(cf->pool,
+                                             sizeof(ngx_http_complex_value_t));
+        if (uwcf->upstream.cache_value == NULL) {
+            return NGX_CONF_ERROR;
+        }
+
+        *uwcf->upstream.cache_value = cv;
+
+        return NGX_CONF_OK;
+    }
+
+    uwcf->upstream.cache_zone = ngx_shared_memory_add(cf, &value[1], 0,
+                                                      &ngx_http_uwsgi_module);
+    if (uwcf->upstream.cache_zone == NULL) {
         return NGX_CONF_ERROR;
     }
 
@@ -1994,6 +2258,29 @@ ngx_http_uwsgi_cache_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
 #if (NGX_HTTP_SSL)
 
+static char *
+ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_http_uwsgi_loc_conf_t *uwcf = conf;
+
+    ngx_str_t  *value;
+
+    if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+        return "is duplicate";
+    }
+
+    value = cf->args->elts;
+
+    uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+
+    if (uwcf->ssl_passwords == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
 {
@@ -2012,6 +2299,31 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
         return NGX_ERROR;
     }
 
+    cln = ngx_pool_cleanup_add(cf->pool, 0);
+    if (cln == NULL) {
+        return NGX_ERROR;
+    }
+
+    cln->handler = ngx_ssl_cleanup_ctx;
+    cln->data = uwcf->upstream.ssl;
+
+    if (uwcf->ssl_certificate.len) {
+
+        if (uwcf->ssl_certificate_key.len == 0) {
+            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                          "no \"uwsgi_ssl_certificate_key\" is defined "
+                          "for certificate \"%V\"", &uwcf->ssl_certificate);
+            return NGX_ERROR;
+        }
+
+        if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate,
+                                &uwcf->ssl_certificate_key, uwcf->ssl_passwords)
+            != NGX_OK)
+        {
+            return NGX_ERROR;
+        }
+    }
+
     if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx,
                                 (const char *) uwcf->ssl_ciphers.data)
         == 0)
@@ -2022,13 +2334,25 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
         return NGX_ERROR;
     }
 
-    cln = ngx_pool_cleanup_add(cf->pool, 0);
-    if (cln == NULL) {
-        return NGX_ERROR;
-    }
+    if (uwcf->upstream.ssl_verify) {
+        if (uwcf->ssl_trusted_certificate.len == 0) {
+            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                      "no uwsgi_ssl_trusted_certificate for uwsgi_ssl_verify");
+            return NGX_ERROR;
+        }
 
-    cln->handler = ngx_ssl_cleanup_ctx;
-    cln->data = uwcf->upstream.ssl;
+        if (ngx_ssl_trusted_certificate(cf, uwcf->upstream.ssl,
+                                        &uwcf->ssl_trusted_certificate,
+                                        uwcf->ssl_verify_depth)
+            != NGX_OK)
+        {
+            return NGX_ERROR;
+        }
+
+        if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) {
+            return NGX_ERROR;
+        }
+    }
 
     return NGX_OK;
 }