Mercurial > hg > nginx-ranges
comparison src/event/ngx_event_openssl.c @ 635:e67b227c8dbb default tip
Merge with current.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Apr 2011 04:07:55 +0400 |
parents | ce857f6b74a7 |
children |
comparison
equal
deleted
inserted
replaced
578:f3a9e57d2e17 | 635:e67b227c8dbb |
---|---|
153 | 153 |
154 /* client side options */ | 154 /* client side options */ |
155 | 155 |
156 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG); | 156 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG); |
157 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG); | 157 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG); |
158 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); | |
159 | 158 |
160 /* server side options */ | 159 /* server side options */ |
161 | 160 |
162 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); | 161 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); |
163 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); | 162 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); |
559 } | 558 } |
560 | 559 |
561 #if (NGX_DEBUG) | 560 #if (NGX_DEBUG) |
562 { | 561 { |
563 char buf[129], *s, *d; | 562 char buf[129], *s, *d; |
563 #if OPENSSL_VERSION_NUMBER >= 0x10000000L | |
564 const | |
565 #endif | |
564 SSL_CIPHER *cipher; | 566 SSL_CIPHER *cipher; |
565 | 567 |
566 cipher = SSL_get_current_cipher(c->ssl->connection); | 568 cipher = SSL_get_current_cipher(c->ssl->connection); |
567 | 569 |
568 if (cipher) { | 570 if (cipher) { |
1307 } else if (sslerr == SSL_ERROR_SSL) { | 1309 } else if (sslerr == SSL_ERROR_SSL) { |
1308 | 1310 |
1309 n = ERR_GET_REASON(ERR_peek_error()); | 1311 n = ERR_GET_REASON(ERR_peek_error()); |
1310 | 1312 |
1311 /* handshake failures */ | 1313 /* handshake failures */ |
1312 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 1314 if (n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ |
1315 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | |
1313 || n == SSL_R_LENGTH_MISMATCH /* 159 */ | 1316 || n == SSL_R_LENGTH_MISMATCH /* 159 */ |
1314 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 1317 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
1315 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ | 1318 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ |
1316 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 1319 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
1317 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ | 1320 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ |
2229 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2232 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
2230 { | 2233 { |
2231 X509 *cert; | 2234 X509 *cert; |
2232 | 2235 |
2233 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) { | 2236 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) { |
2234 s->len = sizeof("FAILED") - 1; | 2237 ngx_str_set(s, "FAILED"); |
2235 s->data = (u_char *) "FAILED"; | |
2236 | |
2237 return NGX_OK; | 2238 return NGX_OK; |
2238 } | 2239 } |
2239 | 2240 |
2240 cert = SSL_get_peer_certificate(c->ssl->connection); | 2241 cert = SSL_get_peer_certificate(c->ssl->connection); |
2241 | 2242 |
2242 if (cert) { | 2243 if (cert) { |
2243 s->len = sizeof("SUCCESS") - 1; | 2244 ngx_str_set(s, "SUCCESS"); |
2244 s->data = (u_char *) "SUCCESS"; | |
2245 | 2245 |
2246 } else { | 2246 } else { |
2247 s->len = sizeof("NONE") - 1; | 2247 ngx_str_set(s, "NONE"); |
2248 s->data = (u_char *) "NONE"; | |
2249 } | 2248 } |
2250 | 2249 |
2251 X509_free(cert); | 2250 X509_free(cert); |
2252 | 2251 |
2253 return NGX_OK; | 2252 return NGX_OK; |