nginx: src/http/ngx_http_request.c comparison

*) $ssl_client_verify *) "ssl_verify_client ask" was changed to "ssl_verify_client optional"

comparison

equal deleted inserted replaced

-:f592d466bbda
+:f33c48457d0c
 X509                     *cert;
 ngx_http_ssl_srv_conf_t  *sscf;
 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
-if (sscf->verify == 1) {
+if (sscf->verify) {
 rc = SSL_get_verify_result(c->ssl->connection);
 if (rc != X509_V_OK) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "client SSL certificate verify error: (%l:%s)",
 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
 return;
 }
-cert = SSL_get_peer_certificate(c->ssl->connection);
+if (sscf->verify == 1) {
+cert = SSL_get_peer_certificate(c->ssl->connection);
-if (cert == NULL) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+if (cert == NULL) {
-"client sent no required SSL certificate");
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+"client sent no required SSL certificate");
-ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ngx_ssl_remove_cached_session(sscf->ssl.ctx,
 (SSL_get0_session(c->ssl->connection)));
 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
 return;
 }
 X509_free(cert);
+}
 }
 }
 #endif

Mercurial > hg > nginx