Mercurial > hg > nginx
comparison src/mail/ngx_mail_auth_http_module.c @ 5990:6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Previously, the Auth-SSL-Verify header with the "NONE" value was always passed
to the auth_http script if verification of client certificates is disabled.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 27 Feb 2015 16:28:31 +0300 |
parents | ec01b1d1fff1 |
children | add12ee1d01c |
comparison
equal
deleted
inserted
replaced
5989:ec01b1d1fff1 | 5990:6a7c6973d6fc |
---|---|
1153 ngx_str_t login, passwd; | 1153 ngx_str_t login, passwd; |
1154 #if (NGX_MAIL_SSL) | 1154 #if (NGX_MAIL_SSL) |
1155 ngx_str_t verify, subject, issuer, serial, fingerprint, | 1155 ngx_str_t verify, subject, issuer, serial, fingerprint, |
1156 raw_cert, cert; | 1156 raw_cert, cert; |
1157 ngx_connection_t *c; | 1157 ngx_connection_t *c; |
1158 ngx_mail_ssl_conf_t *sslcf; | |
1158 #endif | 1159 #endif |
1159 ngx_mail_core_srv_conf_t *cscf; | 1160 ngx_mail_core_srv_conf_t *cscf; |
1160 | 1161 |
1161 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { | 1162 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
1162 return NULL; | 1163 return NULL; |
1167 } | 1168 } |
1168 | 1169 |
1169 #if (NGX_MAIL_SSL) | 1170 #if (NGX_MAIL_SSL) |
1170 | 1171 |
1171 c = s->connection; | 1172 c = s->connection; |
1172 | 1173 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
1173 if (c->ssl) { | 1174 |
1175 if (c->ssl && sslcf->verify) { | |
1174 | 1176 |
1175 /* certificate details */ | 1177 /* certificate details */ |
1176 | 1178 |
1177 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { | 1179 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
1178 return NULL; | 1180 return NULL; |
1337 | 1339 |
1338 if (c->ssl) { | 1340 if (c->ssl) { |
1339 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, | 1341 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
1340 sizeof("Auth-SSL: on" CRLF) - 1); | 1342 sizeof("Auth-SSL: on" CRLF) - 1); |
1341 | 1343 |
1342 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", | 1344 if (verify.len) { |
1343 sizeof("Auth-SSL-Verify: ") - 1); | 1345 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
1344 b->last = ngx_copy(b->last, verify.data, verify.len); | 1346 sizeof("Auth-SSL-Verify: ") - 1); |
1345 *b->last++ = CR; *b->last++ = LF; | 1347 b->last = ngx_copy(b->last, verify.data, verify.len); |
1348 *b->last++ = CR; *b->last++ = LF; | |
1349 } | |
1346 | 1350 |
1347 if (subject.len) { | 1351 if (subject.len) { |
1348 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", | 1352 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
1349 sizeof("Auth-SSL-Subject: ") - 1); | 1353 sizeof("Auth-SSL-Subject: ") - 1); |
1350 b->last = ngx_copy(b->last, subject.data, subject.len); | 1354 b->last = ngx_copy(b->last, subject.data, subject.len); |