Mercurial > hg > nginx-vendor-current

diff src/http/ngx_http_request.c @ 218:1bf60f8c5c9e NGINX_0_3_56

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.3.56 *) Feature: the "dav_access" directive. *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e", "-x", and "!-x" operators. *) Bugfix: a segmentation fault occurred if an request returned an redirect and some sent to client header lines were logged in the access log.
author Igor Sysoev <http://sysoev.ru>
date Fri, 04 Aug 2006 00:00:00 +0400
parents fa32d59d9a15
children 559bc7ec214e
line wrap: on
line diff
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1269,34 +1269,6 @@ ngx_http_process_request_header(ngx_http
         return NGX_ERROR;
     }
 
-#if (NGX_HTTP_SSL)
-
-    if (r->connection->ssl) {
-        sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
-
-        if (sscf->verify) {
-            rc = SSL_get_verify_result(r->connection->ssl->connection);
-
-            if (rc != X509_V_OK) {
-                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                              "client SSL certificate verify error: %l ", rc);
-                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
-                return NGX_ERROR;
-            }
-
-            if (SSL_get_peer_certificate(r->connection->ssl->connection)
-                == NULL)
-            {
-                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                              "client sent no required SSL certificate");
-                ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
-                return NGX_ERROR;
-            }
-        }
-    }
-
-#endif
-
     if (r->headers_in.connection) {
         if (r->headers_in.connection->value.len == 5
             && ngx_strcasecmp(r->headers_in.connection->value.data, "close")
@@ -1362,6 +1334,35 @@ ngx_http_process_request_header(ngx_http
         }
     }
 
+#if (NGX_HTTP_SSL)
+
+    if (r->connection->ssl) {
+        sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+
+        if (sscf->verify) {
+            rc = SSL_get_verify_result(r->connection->ssl->connection);
+
+            if (rc != X509_V_OK) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                              "client SSL certificate verify error: (%l:%s) ",
+                              rc, X509_verify_cert_error_string(rc));
+                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
+                return NGX_ERROR;
+            }
+
+            if (SSL_get_peer_certificate(r->connection->ssl->connection)
+                == NULL)
+            {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                              "client sent no required SSL certificate");
+                ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
+                return NGX_ERROR;
+            }
+        }
+    }
+
+#endif
+
     return NGX_OK;
 }