Mercurial > hg > nginx-ranges
diff src/event/ngx_event_openssl.c @ 372:6639b93e81b2 NGINX_0_6_30
nginx 0.6.30
*) Change: now if an "include" directive pattern does not match any
file, then nginx does not issue an error.
*) Feature: now the time in directives may be specified without spaces,
for example, "1h50m".
*) Bugfix: memory leaks if the "ssl_verify_client" directive was on.
Thanks to Chavelle Vincent.
*) Bugfix: the "sub_filter" directive might set text to change into
output.
*) Bugfix: the "error_page" directive did not take into account
arguments in redirected URI.
*) Bugfix: now nginx always opens files in binary mode under Cygwin.
*) Bugfix: nginx could not be built on OpenBSD; bug appeared in 0.6.15.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 29 Apr 2008 00:00:00 +0400 |
parents | 9a242235a80a |
children | 820f6378fc00 |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -285,10 +285,11 @@ ngx_ssl_client_certificate(ngx_conf_t *c static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) { +#if (NGX_DEBUG) char *subject, *issuer; int err, depth; X509 *cert; - X509_NAME *name; + X509_NAME *sname, *iname; ngx_connection_t *c; ngx_ssl_conn_t *ssl_conn; @@ -301,17 +302,26 @@ ngx_http_ssl_verify_callback(int ok, X50 err = X509_STORE_CTX_get_error(x509_store); depth = X509_STORE_CTX_get_error_depth(x509_store); - name = X509_get_subject_name(cert); - subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; - - name = X509_get_issuer_name(cert); - issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; + sname = X509_get_subject_name(cert); + subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)"; + + iname = X509_get_issuer_name(cert); + issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)"; ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, "verify:%d, error:%d, depth:%d, " "subject:\"%s\",issuer: \"%s\"", ok, err, depth, subject, issuer); + if (sname) { + OPENSSL_free(subject); + } + + if (iname) { + OPENSSL_free(issuer); + } +#endif + return 1; } @@ -1778,6 +1788,7 @@ ngx_ssl_get_subject_dn(ngx_connection_t name = X509_get_subject_name(cert); if (name == NULL) { + X509_free(cert); return NGX_ERROR; } @@ -1789,12 +1800,14 @@ ngx_ssl_get_subject_dn(ngx_connection_t s->data = ngx_palloc(pool, len); if (s->data == NULL) { OPENSSL_free(p); + X509_free(cert); return NGX_ERROR; } ngx_memcpy(s->data, p, len); OPENSSL_free(p); + X509_free(cert); return NGX_OK; } @@ -1817,6 +1830,7 @@ ngx_ssl_get_issuer_dn(ngx_connection_t * name = X509_get_issuer_name(cert); if (name == NULL) { + X509_free(cert); return NGX_ERROR; } @@ -1828,12 +1842,14 @@ ngx_ssl_get_issuer_dn(ngx_connection_t * s->data = ngx_palloc(pool, len); if (s->data == NULL) { OPENSSL_free(p); + X509_free(cert); return NGX_ERROR; } ngx_memcpy(s->data, p, len); OPENSSL_free(p); + X509_free(cert); return NGX_OK; } @@ -1855,6 +1871,7 @@ ngx_ssl_get_serial_number(ngx_connection bio = BIO_new(BIO_s_mem()); if (bio == NULL) { + X509_free(cert); return NGX_ERROR; } @@ -1865,11 +1882,13 @@ ngx_ssl_get_serial_number(ngx_connection s->data = ngx_palloc(pool, len); if (s->data == NULL) { BIO_free(bio); + X509_free(cert); return NGX_ERROR; } BIO_read(bio, s->data, len); BIO_free(bio); + X509_free(cert); return NGX_OK; }