Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 7780:3bed5797a1b7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: added missed error reporting during variables evaluation.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 20 Feb 2021 18:02:54 +0300
parents 018a09b766ef
children 51e6a665523c
comparison
equal deleted inserted replaced
7779:018a09b766ef 7780:3bed5797a1b7
81 81
82 static time_t ngx_ssl_parse_time( 82 static time_t ngx_ssl_parse_time(
83 #if OPENSSL_VERSION_NUMBER > 0x10100000L 83 #if OPENSSL_VERSION_NUMBER > 0x10100000L
84 const 84 const
85 #endif 85 #endif
86 ASN1_TIME *asn1time); 86 ASN1_TIME *asn1time, ngx_log_t *log);
87 87
88 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); 88 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
89 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); 89 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
90 static void ngx_openssl_exit(ngx_cycle_t *cycle); 90 static void ngx_openssl_exit(ngx_cycle_t *cycle);
91 91
4815 return NGX_ERROR; 4815 return NGX_ERROR;
4816 } 4816 }
4817 4817
4818 bio = BIO_new(BIO_s_mem()); 4818 bio = BIO_new(BIO_s_mem());
4819 if (bio == NULL) { 4819 if (bio == NULL) {
4820 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
4820 X509_free(cert); 4821 X509_free(cert);
4821 return NGX_ERROR; 4822 return NGX_ERROR;
4822 } 4823 }
4823 4824
4824 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { 4825 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
4826 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
4825 goto failed; 4827 goto failed;
4826 } 4828 }
4827 4829
4828 s->len = BIO_pending(bio); 4830 s->len = BIO_pending(bio);
4829 s->data = ngx_pnalloc(pool, s->len); 4831 s->data = ngx_pnalloc(pool, s->len);
4867 return NGX_ERROR; 4869 return NGX_ERROR;
4868 } 4870 }
4869 4871
4870 bio = BIO_new(BIO_s_mem()); 4872 bio = BIO_new(BIO_s_mem());
4871 if (bio == NULL) { 4873 if (bio == NULL) {
4874 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
4872 X509_free(cert); 4875 X509_free(cert);
4873 return NGX_ERROR; 4876 return NGX_ERROR;
4874 } 4877 }
4875 4878
4876 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { 4879 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
4880 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
4877 goto failed; 4881 goto failed;
4878 } 4882 }
4879 4883
4880 s->len = BIO_pending(bio); 4884 s->len = BIO_pending(bio);
4881 s->data = ngx_pnalloc(pool, s->len); 4885 s->data = ngx_pnalloc(pool, s->len);
5009 return NGX_OK; 5013 return NGX_OK;
5010 } 5014 }
5011 5015
5012 bio = BIO_new(BIO_s_mem()); 5016 bio = BIO_new(BIO_s_mem());
5013 if (bio == NULL) { 5017 if (bio == NULL) {
5018 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
5014 X509_free(cert); 5019 X509_free(cert);
5015 return NGX_ERROR; 5020 return NGX_ERROR;
5016 } 5021 }
5017 5022
5018 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); 5023 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
5047 if (cert == NULL) { 5052 if (cert == NULL) {
5048 return NGX_OK; 5053 return NGX_OK;
5049 } 5054 }
5050 5055
5051 if (!X509_digest(cert, EVP_sha1(), buf, &len)) { 5056 if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
5057 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed");
5052 X509_free(cert); 5058 X509_free(cert);
5053 return NGX_ERROR; 5059 return NGX_ERROR;
5054 } 5060 }
5055 5061
5056 s->len = 2 * len; 5062 s->len = 2 * len;
5120 return NGX_OK; 5126 return NGX_OK;
5121 } 5127 }
5122 5128
5123 bio = BIO_new(BIO_s_mem()); 5129 bio = BIO_new(BIO_s_mem());
5124 if (bio == NULL) { 5130 if (bio == NULL) {
5131 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
5125 X509_free(cert); 5132 X509_free(cert);
5126 return NGX_ERROR; 5133 return NGX_ERROR;
5127 } 5134 }
5128 5135
5129 #if OPENSSL_VERSION_NUMBER > 0x10100000L 5136 #if OPENSSL_VERSION_NUMBER > 0x10100000L
5164 return NGX_OK; 5171 return NGX_OK;
5165 } 5172 }
5166 5173
5167 bio = BIO_new(BIO_s_mem()); 5174 bio = BIO_new(BIO_s_mem());
5168 if (bio == NULL) { 5175 if (bio == NULL) {
5176 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
5169 X509_free(cert); 5177 X509_free(cert);
5170 return NGX_ERROR; 5178 return NGX_ERROR;
5171 } 5179 }
5172 5180
5173 #if OPENSSL_VERSION_NUMBER > 0x10100000L 5181 #if OPENSSL_VERSION_NUMBER > 0x10100000L
5206 if (cert == NULL) { 5214 if (cert == NULL) {
5207 return NGX_OK; 5215 return NGX_OK;
5208 } 5216 }
5209 5217
5210 #if OPENSSL_VERSION_NUMBER > 0x10100000L 5218 #if OPENSSL_VERSION_NUMBER > 0x10100000L
5211 end = ngx_ssl_parse_time(X509_get0_notAfter(cert)); 5219 end = ngx_ssl_parse_time(X509_get0_notAfter(cert), c->log);
5212 #else 5220 #else
5213 end = ngx_ssl_parse_time(X509_get_notAfter(cert)); 5221 end = ngx_ssl_parse_time(X509_get_notAfter(cert), c->log);
5214 #endif 5222 #endif
5215 5223
5216 if (end == (time_t) NGX_ERROR) { 5224 if (end == (time_t) NGX_ERROR) {
5217 X509_free(cert); 5225 X509_free(cert);
5218 return NGX_OK; 5226 return NGX_OK;
5243 static time_t 5251 static time_t
5244 ngx_ssl_parse_time( 5252 ngx_ssl_parse_time(
5245 #if OPENSSL_VERSION_NUMBER > 0x10100000L 5253 #if OPENSSL_VERSION_NUMBER > 0x10100000L
5246 const 5254 const
5247 #endif 5255 #endif
5248 ASN1_TIME *asn1time) 5256 ASN1_TIME *asn1time, ngx_log_t *log)
5249 { 5257 {
5250 BIO *bio; 5258 BIO *bio;
5251 char *value; 5259 char *value;
5252 size_t len; 5260 size_t len;
5253 time_t time; 5261 time_t time;
5259 * "Feb 3 00:55:52 2015 GMT"), and parse the result. 5267 * "Feb 3 00:55:52 2015 GMT"), and parse the result.
5260 */ 5268 */
5261 5269
5262 bio = BIO_new(BIO_s_mem()); 5270 bio = BIO_new(BIO_s_mem());
5263 if (bio == NULL) { 5271 if (bio == NULL) {
5272 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "BIO_new() failed");
5264 return NGX_ERROR; 5273 return NGX_ERROR;
5265 } 5274 }
5266 5275
5267 /* fake weekday prepended to match C asctime() format */ 5276 /* fake weekday prepended to match C asctime() format */
5268 5277