comparison src/event/ngx_event_openssl.c @ 635:e67b227c8dbb default tip

Merge with current.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 25 Apr 2011 04:07:55 +0400
parents ce857f6b74a7
children
578:f3a9e57d2e17 635:e67b227c8dbb
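--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -153,11 +153,10 @@
 
 /* client side options */
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
-SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
 
 /* server side options */
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
@@ -559,10 +558,13 @@
 }
 
 #if (NGX_DEBUG)
 {
 char buf[129], *s, *d;
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+const
+#endif
 SSL_CIPHER *cipher;
 
 cipher = SSL_get_current_cipher(c->ssl->connection);
 
 if (cipher) {
@@ -1307,11 +1309,12 @@
 } else if (sslerr == SSL_ERROR_SSL) {
 
 n = ERR_GET_REASON(ERR_peek_error());
 
 /* handshake failures */
-if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
+if (n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
+|| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
 || n == SSL_R_LENGTH_MISMATCH /* 159 */
 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
 || n == SSL_R_NO_SHARED_CIPHER /* 193 */
 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
@@ -2229,25 +2232,21 @@
 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 X509 *cert;
 
 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) {
-s->len = sizeof("FAILED") - 1;
-s->data = (u_char *) "FAILED";
-
+ngx_str_set(s, "FAILED");
 return NGX_OK;
 }
 
 cert = SSL_get_peer_certificate(c->ssl->connection);
 
 if (cert) {
-s->len = sizeof("SUCCESS") - 1;
-s->data = (u_char *) "SUCCESS";
+ngx_str_set(s, "SUCCESS");
 
 } else {
-s->len = sizeof("NONE") - 1;
-s->data = (u_char *) "NONE";
+ngx_str_set(s, "NONE");
 }
 
 X509_free(cert);
 
 return NGX_OK;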
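Review bot: The `/* handshake failures */` comment at new line 1313 no longer fits the list once `SSL_R_BLOCK_CIPHER_PAD_IS_WRONG` heads it, because a bad-padding error (like `SSL_R_DIGEST_CHECK_FAILED` below it) is reported when a record fails to decrypt or authenticate, which is not limited to the handshake. The body of this `if` lies outside the hunk; if it lowers the log level for the listed reasons, as the grouping suggests, then repeated 129/149 errors from one peer, the pattern padding-oracle probing produces, would not appear at the default error-log level. I would reword the comment to say so, for example `/* handshake failures and peer-caused record errors (bad padding/MAC); logged at reduced severity, so watch their rate per client */`. The same function continues past the visible lines, so the exact level chosen should be confirmed there before the wording is finalised.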