Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 1924:291689a7e5dc
invalidate SSL session if there is no valid client certificate
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 10 Mar 2008 14:47:07 +0000 |
parents | 22e28e77246b |
children | f32cc6df6bd6 |
comparison
equal
deleted
inserted
replaced
1923:c72fe0a8d9b4 | 1924:291689a7e5dc |
---|---|
1428 | 1428 |
1429 if (rc != X509_V_OK) { | 1429 if (rc != X509_V_OK) { |
1430 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1430 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1431 "client SSL certificate verify error: (%l:%s)", | 1431 "client SSL certificate verify error: (%l:%s)", |
1432 rc, X509_verify_cert_error_string(rc)); | 1432 rc, X509_verify_cert_error_string(rc)); |
1433 | |
1434 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1435 (SSL_get0_session(c->ssl->connection))); | |
1436 | |
1433 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1437 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
1434 return; | 1438 return; |
1435 } | 1439 } |
1436 | 1440 |
1437 if (SSL_get_peer_certificate(c->ssl->connection) | 1441 if (SSL_get_peer_certificate(c->ssl->connection) |
1438 == NULL) | 1442 == NULL) |
1439 { | 1443 { |
1440 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1444 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1441 "client sent no required SSL certificate"); | 1445 "client sent no required SSL certificate"); |
1446 | |
1447 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1448 (SSL_get0_session(c->ssl->connection))); | |
1449 | |
1442 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1450 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
1443 return; | 1451 return; |
1444 } | 1452 } |
1445 } | 1453 } |
1446 } | 1454 } |