comparison src/event/ngx_event_openssl.c @ 8349:05e0988a6898 quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 10 Mar 2021 15:39:01 +0300 |
parents | f61d347158d0 51e6a665523c |
children | 6674a50cbb6c |
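--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -81,11 +81,11 @@
 
 static time_t ngx_ssl_parse_time(
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
 const
 #endif
-ASN1_TIME *asn1time);
+ASN1_TIME *asn1time, ngx_log_t *log);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
@@ -1012,30 +1012,56 @@
 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
 SSL_get_ex_data_X509_STORE_CTX_idx());
 
 c = ngx_ssl_get_connection(ssl_conn);
 
+if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+return 1;
+}
+
 cert = X509_STORE_CTX_get_current_cert(x509_store);
 err = X509_STORE_CTX_get_error(x509_store);
 depth = X509_STORE_CTX_get_error_depth(x509_store);
 
 sname = X509_get_subject_name(cert);
-subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
+
+if (sname) {
+subject = X509_NAME_oneline(sname, NULL, 0);
+if (subject == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+"X509_NAME_oneline() failed");
+}
+
+} else {
+subject = NULL;
+}
 
 iname = X509_get_issuer_name(cert);
-issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
+
+if (iname) {
+issuer = X509_NAME_oneline(iname, NULL, 0);
+if (issuer == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+"X509_NAME_oneline() failed");
+}
+
+} else {
+issuer = NULL;
+}
 
 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "verify:%d, error:%d, depth:%d, "
 "subject:\"%s\", issuer:\"%s\"",
-ok, err, depth, subject, issuer);
-
-if (sname) {
+ok, err, depth,
+subject ? subject : "(none)",
+issuer ? issuer : "(none)");
+
+if (subject) {
 OPENSSL_free(subject);
 }
 
-if (iname) {
+if (issuer) {
 OPENSSL_free(issuer);
 }
 #endif
 
 return 1;
@@ -1945,10 +1971,14 @@
 char buf[129], *s, *d;
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 const
 #endif
 SSL_CIPHER *cipher;
+
+if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+return;
+}
 
 cipher = SSL_get_current_cipher(c->ssl->connection);
 
 if (cipher) {
 SSL_CIPHER_description(cipher, &buf[1], 128);
@@ -4800,15 +4830,17 @@
 return NGX_ERROR;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
 goto failed;
 }
 
 s->len = BIO_pending(bio);
 s->data = ngx_pnalloc(pool, s->len);
@@ -4852,15 +4884,17 @@
 return NGX_ERROR;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
 goto failed;
 }
 
 s->len = BIO_pending(bio);
 s->data = ngx_pnalloc(pool, s->len);
@@ -4905,10 +4939,15 @@
 X509_free(cert);
 return NGX_ERROR;
 }
 
 p = X509_NAME_oneline(name, NULL, 0);
+if (p == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+X509_free(cert);
+return NGX_ERROR;
+}
 
 for (len = 0; p[len]; len++) { /* void */ }
 
 s->len = len;
 s->data = ngx_pnalloc(pool, len);
@@ -4948,10 +4987,15 @@
 X509_free(cert);
 return NGX_ERROR;
 }
 
 p = X509_NAME_oneline(name, NULL, 0);
+if (p == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+X509_free(cert);
+return NGX_ERROR;
+}
 
 for (len = 0; p[len]; len++) { /* void */ }
 
 s->len = len;
 s->data = ngx_pnalloc(pool, len);
@@ -4984,10 +5028,11 @@
 return NGX_OK;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
@@ -5022,10 +5067,11 @@
 if (cert == NULL) {
 return NGX_OK;
 }
 
 if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 s->len = 2 * len;
@@ -5095,10 +5141,11 @@
 return NGX_OK;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -5139,10 +5186,11 @@
 return NGX_OK;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
 X509_free(cert);
 return NGX_ERROR;
 }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -5181,13 +5229,13 @@
 if (cert == NULL) {
 return NGX_OK;
 }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
-end = ngx_ssl_parse_time(X509_get0_notAfter(cert));
+end = ngx_ssl_parse_time(X509_get0_notAfter(cert), c->log);
 #else
-end = ngx_ssl_parse_time(X509_get_notAfter(cert));
+end = ngx_ssl_parse_time(X509_get_notAfter(cert), c->log);
 #endif
 
 if (end == (time_t) NGX_ERROR) {
 X509_free(cert);
 return NGX_OK;
@@ -5218,11 +5266,11 @@
 static time_t
 ngx_ssl_parse_time(
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
 const
 #endif
-ASN1_TIME *asn1time)
+ASN1_TIME *asn1time, ngx_log_t *log)
 {
 BIO *bio;
 char *value;
 size_t len;
 time_t time;
@@ -5234,10 +5282,11 @@
 * "Feb 3 00:55:52 2015 GMT"), and parse the result.
 */
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "BIO_new() failed");
 return NGX_ERROR;
 }
 
 /* fake weekday prepended to match C asctime() format */
 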
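Review bot: The reworked subject/issuer lookup in the verify callback (new lines 1025 and 1038) still hands `cert` from X509_STORE_CTX_get_current_cert() straight to X509_get_subject_name()/X509_get_issuer_name() with no NULL check, and as far as I recall OpenSSL documents that the current certificate can be NULL when no single certificate is relevant to the error being reported (policy-tree failures, for instance), which would be a NULL dereference on a peer-driven handshake path, albeit one reachable only with debug logging enabled. The old side had the same unguarded calls, so this is not a regression, but the commit is rewriting exactly these lines and the new `if (sname)` / `if (iname)` branches make the guard nearly free: `sname = cert ? X509_get_subject_name(cert) : NULL;` and `iname = cert ? X509_get_issuer_name(cert) : NULL;`, after which the existing `"(none)"` fallback covers that case without further changes. Whether nginx ever enables the verification flags that reach such a callback state is not visible from this page, so this is worth confirming against the OpenSSL version actually linked. The enclosing callback begins before this hunk, so I cannot see how `cert`, `sname` and `iname` are declared.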