From 6e7f4ec09bbb6ba03591381b9ca2d171e5e37979 Mon Sep 17 00:00:00 2001
From: Aapo Talvensaari <aapo.talvensaari@gmail.com>
Date: Fri, 16 Feb 2024 14:07:15 +0200
Subject: [PATCH] chore(conf): enable grpc_ssl_conf_command too (#12548)

The #12420 by @Water-Melon forgot to add `grpc_ssl_conf_command`.
This commit adds that.

Signed-off-by: Aapo Talvensaari <aapo.talvensaari@gmail.com>
(cherry picked from commit 84cb1be01d8e9a241e8a2b3afd6d55bb184e605b)
---
 kong/conf_loader/init.lua        | 1 +
 kong/templates/kong_defaults.lua | 1 +
 kong/templates/nginx_kong.lua    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/kong/conf_loader/init.lua b/kong/conf_loader/init.lua
index 5ad65dc7f26e..1f60b8d4c4e0 100644
--- a/kong/conf_loader/init.lua
+++ b/kong/conf_loader/init.lua
@@ -989,6 +989,7 @@ local function check_and_parse(conf, opts)
           "nginx_http_ssl_conf_command",
           "nginx_http_proxy_ssl_conf_command",
           "nginx_http_lua_ssl_conf_command",
+          "nginx_http_grpc_ssl_conf_command",
           "nginx_stream_ssl_conf_command",
           "nginx_stream_proxy_ssl_conf_command",
           "nginx_stream_lua_ssl_conf_command"}) do
diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
index 5d7cf9e506c5..7c6734b14e29 100644
--- a/kong/templates/kong_defaults.lua
+++ b/kong/templates/kong_defaults.lua
@@ -94,6 +94,7 @@ nginx_http_ssl_session_timeout = NONE
 nginx_http_ssl_conf_command = NONE
 nginx_http_proxy_ssl_conf_command = NONE
 nginx_http_lua_ssl_conf_command = NONE
+nginx_http_grpc_ssl_conf_command = NONE
 nginx_http_lua_regex_match_limit = 100000
 nginx_http_lua_regex_cache_max_entries = 8192
 nginx_http_keepalive_requests = 10000
diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua
index 5cf6047c2559..90aeea99a4bf 100644
--- a/kong/templates/nginx_kong.lua
+++ b/kong/templates/nginx_kong.lua
@@ -28,6 +28,7 @@ underscores_in_headers on;
 lua_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0;
 proxy_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0;
 ssl_conf_command CipherString DEFAULT:@SECLEVEL=0;
+grpc_ssl_conf_command CipherString DEFAULT:@SECLEVEL=0;
 > end
 > if ssl_ciphers then
 ssl_ciphers ${{SSL_CIPHERS}};