comparison src/event/ngx_event_openssl.c @ 372:6639b93e81b2 NGINX_0_6_30

nginx 0.6.30 *) Change: now if an "include" directive pattern does not match any file, then nginx does not issue an error. *) Feature: now the time in directives may be specified without spaces, for example, "1h50m". *) Bugfix: memory leaks if the "ssl_verify_client" directive was on. Thanks to Chavelle Vincent. *) Bugfix: the "sub_filter" directive might set text to change into output. *) Bugfix: the "error_page" directive did not take into account arguments in redirected URI. *) Bugfix: now nginx always opens files in binary mode under Cygwin. *) Bugfix: nginx could not be built on OpenBSD; bug appeared in 0.6.15.
author Igor Sysoev <http://sysoev.ru>
date Tue, 29 Apr 2008 00:00:00 +0400
parents 9a242235a80a
children 820f6378fc00
371:b6a2a305fdad 372:6639b93e81b2
283 283
284 284
285 static int 285 static int
286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) 286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
287 { 287 {
288 #if (NGX_DEBUG)
288 char *subject, *issuer; 289 char *subject, *issuer;
289 int err, depth; 290 int err, depth;
290 X509 *cert; 291 X509 *cert;
291 X509_NAME *name; 292 X509_NAME *sname, *iname;
292 ngx_connection_t *c; 293 ngx_connection_t *c;
293 ngx_ssl_conn_t *ssl_conn; 294 ngx_ssl_conn_t *ssl_conn;
294 295
295 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store, 296 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
296 SSL_get_ex_data_X509_STORE_CTX_idx()); 297 SSL_get_ex_data_X509_STORE_CTX_idx());
299 300
300 cert = X509_STORE_CTX_get_current_cert(x509_store); 301 cert = X509_STORE_CTX_get_current_cert(x509_store);
301 err = X509_STORE_CTX_get_error(x509_store); 302 err = X509_STORE_CTX_get_error(x509_store);
302 depth = X509_STORE_CTX_get_error_depth(x509_store); 303 depth = X509_STORE_CTX_get_error_depth(x509_store);
303 304
304 name = X509_get_subject_name(cert); 305 sname = X509_get_subject_name(cert);
305 subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; 306 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
306 307
307 name = X509_get_issuer_name(cert); 308 iname = X509_get_issuer_name(cert);
308 issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; 309 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
309 310
310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, 311 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
311 "verify:%d, error:%d, depth:%d, " 312 "verify:%d, error:%d, depth:%d, "
312 "subject:\"%s\",issuer: \"%s\"", 313 "subject:\"%s\",issuer: \"%s\"",
313 ok, err, depth, subject, issuer); 314 ok, err, depth, subject, issuer);
315
316 if (sname) {
317 OPENSSL_free(subject);
318 }
319
320 if (iname) {
321 OPENSSL_free(issuer);
322 }
323 #endif
314 324
315 return 1; 325 return 1;
316 } 326 }
317 327
318 328
1776 return NGX_OK; 1786 return NGX_OK;
1777 } 1787 }
1778 1788
1779 name = X509_get_subject_name(cert); 1789 name = X509_get_subject_name(cert);
1780 if (name == NULL) { 1790 if (name == NULL) {
1791 X509_free(cert);
1781 return NGX_ERROR; 1792 return NGX_ERROR;
1782 } 1793 }
1783 1794
1784 p = X509_NAME_oneline(name, NULL, 0); 1795 p = X509_NAME_oneline(name, NULL, 0);
1785 1796
1787 1798
1788 s->len = len; 1799 s->len = len;
1789 s->data = ngx_palloc(pool, len); 1800 s->data = ngx_palloc(pool, len);
1790 if (s->data == NULL) { 1801 if (s->data == NULL) {
1791 OPENSSL_free(p); 1802 OPENSSL_free(p);
1803 X509_free(cert);
1792 return NGX_ERROR; 1804 return NGX_ERROR;
1793 } 1805 }
1794 1806
1795 ngx_memcpy(s->data, p, len); 1807 ngx_memcpy(s->data, p, len);
1796 1808
1797 OPENSSL_free(p); 1809 OPENSSL_free(p);
1810 X509_free(cert);
1798 1811
1799 return NGX_OK; 1812 return NGX_OK;
1800 } 1813 }
1801 1814
1802 1815
1815 return NGX_OK; 1828 return NGX_OK;
1816 } 1829 }
1817 1830
1818 name = X509_get_issuer_name(cert); 1831 name = X509_get_issuer_name(cert);
1819 if (name == NULL) { 1832 if (name == NULL) {
1833 X509_free(cert);
1820 return NGX_ERROR; 1834 return NGX_ERROR;
1821 } 1835 }
1822 1836
1823 p = X509_NAME_oneline(name, NULL, 0); 1837 p = X509_NAME_oneline(name, NULL, 0);
1824 1838
1826 1840
1827 s->len = len; 1841 s->len = len;
1828 s->data = ngx_palloc(pool, len); 1842 s->data = ngx_palloc(pool, len);
1829 if (s->data == NULL) { 1843 if (s->data == NULL) {
1830 OPENSSL_free(p); 1844 OPENSSL_free(p);
1845 X509_free(cert);
1831 return NGX_ERROR; 1846 return NGX_ERROR;
1832 } 1847 }
1833 1848
1834 ngx_memcpy(s->data, p, len); 1849 ngx_memcpy(s->data, p, len);
1835 1850
1836 OPENSSL_free(p); 1851 OPENSSL_free(p);
1852 X509_free(cert);
1837 1853
1838 return NGX_OK; 1854 return NGX_OK;
1839 } 1855 }
1840 1856
1841 1857
1853 return NGX_OK; 1869 return NGX_OK;
1854 } 1870 }
1855 1871
1856 bio = BIO_new(BIO_s_mem()); 1872 bio = BIO_new(BIO_s_mem());
1857 if (bio == NULL) { 1873 if (bio == NULL) {
1874 X509_free(cert);
1858 return NGX_ERROR; 1875 return NGX_ERROR;
1859 } 1876 }
1860 1877
1861 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); 1878 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
1862 len = BIO_pending(bio); 1879 len = BIO_pending(bio);
1863 1880
1864 s->len = len; 1881 s->len = len;
1865 s->data = ngx_palloc(pool, len); 1882 s->data = ngx_palloc(pool, len);
1866 if (s->data == NULL) { 1883 if (s->data == NULL) {
1867 BIO_free(bio); 1884 BIO_free(bio);
1885 X509_free(cert);
1868 return NGX_ERROR; 1886 return NGX_ERROR;
1869 } 1887 }
1870 1888
1871 BIO_read(bio, s->data, len); 1889 BIO_read(bio, s->data, len);
1872 BIO_free(bio); 1890 BIO_free(bio);
1891 X509_free(cert);
1873 1892
1874 return NGX_OK; 1893 return NGX_OK;
1875 } 1894 }
1876 1895
1877 1896
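Review bot: The result of `X509_NAME_oneline(name, NULL, 0)` is still used without a NULL check in the subject-DN and issuer-DN hunks (new lines 1795 and 1837); the visible code goes straight on to `ngx_memcpy(s->data, p, len)`, and the call allocates its buffer, so it can return NULL when allocation fails. These strings are derived from the peer's certificate, so this failure path deserves the same handling as the `ngx_palloc()` one: add `if (p == NULL) { X509_free(cert); return NGX_ERROR; }` right after each call. The same gap exists in `ngx_http_ssl_verify_callback` (new lines 306 and 309), where a NULL `subject` or `issuer` would be passed to the `%s` conversions of `ngx_log_debug5`. The lines that compute `len` (new 1797 and 1839) are not shown on this page, and both DN functions begin outside the visible hunks, so this rests only on the visible lines.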