comparison src/event/ngx_event_openssl.c @ 6815:2d15fff64e3c

SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 05 Dec 2016 22:23:23 +0300
parents 379139020d36
children ea93c7d8752a
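--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -56,10 +56,16 @@
 #endif
 
 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
+
+static time_t ngx_ssl_parse_time(
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+const
+#endif
+ASN1_TIME *asn1time);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
@@ -3747,10 +3753,182 @@
 
 return NGX_OK;
 }
 
 
+ngx_int_t
+ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+BIO *bio;
+X509 *cert;
+size_t len;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ASN1_TIME_print(bio, X509_get0_notBefore(cert));
+#else
+ASN1_TIME_print(bio, X509_get_notBefore(cert));
+#endif
+
+len = BIO_pending(bio);
+
+s->len = len;
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+BIO_free(bio);
+X509_free(cert);
+return NGX_ERROR;
+}
+
+BIO_read(bio, s->data, len);
+BIO_free(bio);
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+BIO *bio;
+X509 *cert;
+size_t len;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ASN1_TIME_print(bio, X509_get0_notAfter(cert));
+#else
+ASN1_TIME_print(bio, X509_get_notAfter(cert));
+#endif
+
+len = BIO_pending(bio);
+
+s->len = len;
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+BIO_free(bio);
+X509_free(cert);
+return NGX_ERROR;
+}
+
+BIO_read(bio, s->data, len);
+BIO_free(bio);
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+X509 *cert;
+time_t now, end;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+end = ngx_ssl_parse_time(X509_get0_notAfter(cert));
+#else
+end = ngx_ssl_parse_time(X509_get_notAfter(cert));
+#endif
+
+if (end == (time_t) NGX_ERROR) {
+X509_free(cert);
+return NGX_OK;
+}
+
+now = ngx_time();
+
+if (end < now + 86400) {
+ngx_str_set(s, "0");
+X509_free(cert);
+return NGX_OK;
+}
+
+s->data = ngx_pnalloc(pool, NGX_TIME_T_LEN);
+if (s->data == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+s->len = ngx_sprintf(s->data, "%T", (end - now) / 86400) - s->data;
+
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+static time_t
+ngx_ssl_parse_time(
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+const
+#endif
+ASN1_TIME *asn1time)
+{
+BIO *bio;
+u_char *value;
+size_t len;
+time_t time;
+
+/*
+* OpenSSL doesn't provide a way to convert ASN1_TIME
+* into time_t. To do this, we use ASN1_TIME_print(),
+* which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g.,
+* "Feb 3 00:55:52 2015 GMT"), and parse the result.
+*/
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+return NGX_ERROR;
+}
+
+/* fake weekday prepended to match C asctime() format */
+
+BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
+ASN1_TIME_print(bio, asn1time);
+len = BIO_get_mem_data(bio, &value);
+
+time = ngx_parse_http_time(value, len);
+
+BIO_free(bio);
+
+return time;
+}
+
+
 static void *
 ngx_openssl_create_conf(ngx_cycle_t *cycle)
 {
 ngx_openssl_conf_t *oscf;
 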
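Review bot: The return value of `ASN1_TIME_print()` is ignored in `ngx_ssl_get_client_v_start()` and again in `ngx_ssl_get_client_v_end()`, so a client certificate whose validity field OpenSSL cannot print still yields a non-empty variable holding whatever was written to the BIO. These strings originate from the peer's certificate and may end up in logs or in configuration conditions, so a failed print is better reported as an empty value, which is what `ngx_ssl_get_client_v_remain()` already does when `ngx_ssl_parse_time()` returns an error. The sketch below shows the check for the notBefore case; it needs an `int rc` local, and the notAfter function would get the same change. Separately, `s->len = len` is assigned before the `ngx_pnalloc()` result is checked in both functions, so the error path leaves a non-zero length next to a NULL data pointer; moving the assignment below the check avoids that.

```c
/* … unchanged: peer certificate lookup and BIO_new() … */

#if OPENSSL_VERSION_NUMBER > 0x10100000L
    rc = ASN1_TIME_print(bio, X509_get0_notBefore(cert));
#else
    rc = ASN1_TIME_print(bio, X509_get_notBefore(cert));
#endif

    if (rc <= 0) {
        /* validity date could not be printed: leave the variable empty */
        BIO_free(bio);
        X509_free(cert);
        return NGX_OK;
    }

/* … unchanged: BIO_pending(), ngx_pnalloc(), BIO_read(), cleanup … */
```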