comparison src/event/ngx_event_openssl.c @ 196:8759b346e431 NGINX_0_3_45

nginx 0.3.45 *) Feature: the "ssl_verify_client", "ssl_verify_depth", and "ssl_client_certificate" directives. *) Change: the $request_method variable now returns the main request method. *) Change: the ° symbol codes were changed in koi-win conversion table. *) Feature: the euro and N symbols were added to koi-win conversion table. *) Bugfix: if nginx distributed the requests among several backends and some backend failed, then requests intended for this backend were directed to one live backend only instead of being distributed among the rest.
author Igor Sysoev <http://sysoev.ru>
date Sat, 06 May 2006 00:00:00 +0400
parents 73e8476f9142
children 559bc7ec214e
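--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -162,14 +162,35 @@
 if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) {
 return NGX_ERROR;
 }
 
 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
-SSL_FILETYPE_PEM) == 0)
+SSL_FILETYPE_PEM)
+== 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
+return NGX_ERROR;
+}
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert)
+{
+if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) {
+return NGX_ERROR;
+}
+
+if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
+== 0)
+{
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CTX_load_verify_locations(\"%s\") failed",
+cert->data);
 return NGX_ERROR;
 }
 
 return NGX_OK;
 }
@@ -1021,10 +1042,92 @@
 {
 return (u_char *) SSL_get_cipher_name(c->ssl->connection);
 }
 
 
+ngx_int_t
+ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+char *p;
+size_t len;
+X509 *cert;
+X509_NAME *name;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+
+if (cert == NULL) {
+return NGX_OK;
+}
+
+name = X509_get_subject_name(cert);
+
+if (name == NULL) {
+return NGX_ERROR;
+}
+
+p = X509_NAME_oneline(name, NULL, 0);
+
+for (len = 0; p[len]; len++) { /* void */ }
+
+s->len = len;
+s->data = ngx_palloc(pool, len);
+if (s->data == NULL) {
+OPENSSL_free(p);
+return NGX_ERROR;
+}
+
+ngx_memcpy(s->data, p, len);
+
+OPENSSL_free(p);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+char *p;
+size_t len;
+X509 *cert;
+X509_NAME *name;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+
+if (cert == NULL) {
+return NGX_OK;
+}
+
+name = X509_get_issuer_name(cert);
+
+if (name == NULL) {
+return NGX_ERROR;
+}
+
+p = X509_NAME_oneline(name, NULL, 0);
+
+for (len = 0; p[len]; len++) { /* void */ }
+
+s->len = len;
+s->data = ngx_palloc(pool, len);
+if (s->data == NULL) {
+OPENSSL_free(p);
+return NGX_ERROR;
+}
+
+ngx_memcpy(s->data, p, len);
+
+OPENSSL_free(p);
+
+return NGX_OK;
+}
+
+
 static void *
 ngx_openssl_create_conf(ngx_cycle_t *cycle)
 {
 ngx_openssl_conf_t *oscf;
 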
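Review bot: In ngx_ssl_get_subject_dn (new lines 1057-1084) the certificate returned by SSL_get_peer_certificate() is never released, and the result of X509_NAME_oneline() is walked by the length loop without a NULL check. SSL_get_peer_certificate() returns a counted reference that the caller must drop with X509_free(), so each call that finds a client certificate keeps that certificate alive after the connection is gone. X509_NAME_oneline(name, NULL, 0) allocates its buffer and can return NULL when that allocation fails. ngx_ssl_get_issuer_dn (new lines 1098-1125) has the same two problems. Because the one-line string is a separate allocation, the reference can be dropped as soon as the string is built, as in the subject variant below; the two functions differ only in the X509_get_*_name call and could share one static helper.

```c
    if (name == NULL) {
        X509_free(cert);    /* drop the reference taken by SSL_get_peer_certificate() */
        return NGX_ERROR;
    }

    p = X509_NAME_oneline(name, NULL, 0);

    /* the one-line string is a separate allocation, so cert is no longer needed */
    X509_free(cert);

    if (p == NULL) {
        return NGX_ERROR;
    }

    /* ... unchanged: length scan, ngx_palloc(), ngx_memcpy(), OPENSSL_free(p) ... */
```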