comparison src/event/ngx_event_openssl.c @ 6815:2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:23 +0300 |
parents | 379139020d36 |
children | ea93c7d8752a |
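--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -56,10 +56,16 @@
 #endif
 
 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
+
+static time_t ngx_ssl_parse_time(
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+const
+#endif
+ASN1_TIME *asn1time);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
@@ -3747,10 +3753,182 @@
 
 return NGX_OK;
 }
 
 
+ngx_int_t
+ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+BIO *bio;
+X509 *cert;
+size_t len;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ASN1_TIME_print(bio, X509_get0_notBefore(cert));
+#else
+ASN1_TIME_print(bio, X509_get_notBefore(cert));
+#endif
+
+len = BIO_pending(bio);
+
+s->len = len;
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+BIO_free(bio);
+X509_free(cert);
+return NGX_ERROR;
+}
+
+BIO_read(bio, s->data, len);
+BIO_free(bio);
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+BIO *bio;
+X509 *cert;
+size_t len;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+ASN1_TIME_print(bio, X509_get0_notAfter(cert));
+#else
+ASN1_TIME_print(bio, X509_get_notAfter(cert));
+#endif
+
+len = BIO_pending(bio);
+
+s->len = len;
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+BIO_free(bio);
+X509_free(cert);
+return NGX_ERROR;
+}
+
+BIO_read(bio, s->data, len);
+BIO_free(bio);
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+X509 *cert;
+time_t now, end;
+
+s->len = 0;
+
+cert = SSL_get_peer_certificate(c->ssl->connection);
+if (cert == NULL) {
+return NGX_OK;
+}
+
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+end = ngx_ssl_parse_time(X509_get0_notAfter(cert));
+#else
+end = ngx_ssl_parse_time(X509_get_notAfter(cert));
+#endif
+
+if (end == (time_t) NGX_ERROR) {
+X509_free(cert);
+return NGX_OK;
+}
+
+now = ngx_time();
+
+if (end < now + 86400) {
+ngx_str_set(s, "0");
+X509_free(cert);
+return NGX_OK;
+}
+
+s->data = ngx_pnalloc(pool, NGX_TIME_T_LEN);
+if (s->data == NULL) {
+X509_free(cert);
+return NGX_ERROR;
+}
+
+s->len = ngx_sprintf(s->data, "%T", (end - now) / 86400) - s->data;
+
+X509_free(cert);
+
+return NGX_OK;
+}
+
+
+static time_t
+ngx_ssl_parse_time(
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
+const
+#endif
+ASN1_TIME *asn1time)
+{
+BIO *bio;
+u_char *value;
+size_t len;
+time_t time;
+
+/*
+* OpenSSL doesn't provide a way to convert ASN1_TIME
+* into time_t. To do this, we use ASN1_TIME_print(),
+* which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g.,
+* "Feb 3 00:55:52 2015 GMT"), and parse the result.
+*/
+
+bio = BIO_new(BIO_s_mem());
+if (bio == NULL) {
+return NGX_ERROR;
+}
+
+/* fake weekday prepended to match C asctime() format */
+
+BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
+ASN1_TIME_print(bio, asn1time);
+len = BIO_get_mem_data(bio, &value);
+
+time = ngx_parse_http_time(value, len);
+
+BIO_free(bio);
+
+return time;
+}
+
+
 static void *
 ngx_openssl_create_conf(ngx_cycle_t *cycle)
 {
 ngx_openssl_conf_t *oscf;
 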
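Review bot: The return value of `ASN1_TIME_print()` is ignored in `ngx_ssl_get_client_v_start()` and `ngx_ssl_get_client_v_end()` (new lines 3779–3781 and 3823–3825), so whatever the call leaves in the BIO on failure becomes the variable's value. The certificate is supplied by the peer, and as far as I know OpenSSL reports an unparsable validity field with a 0 return after writing a placeholder string to the BIO, so `$ssl_client_v_start` and `$ssl_client_v_end` could carry that text into logs or upstream headers instead of being empty. I would capture the result and return with `s->len` still 0 when it is not 1, as sketched below for the start variant; the end variant needs the same change. Separately, `ngx_ssl_get_client_v_remain()` yields "0" both for a certificate that expires within a day and for one that has already expired, and an empty value when the date cannot be parsed, which deserves a comment above the function so the variable is not used as a stand-in for `$ssl_client_verify`.

```c
    int      rc;
    /* … unchanged: peer certificate lookup and BIO_new() … */

#if OPENSSL_VERSION_NUMBER > 0x10100000L
    rc = ASN1_TIME_print(bio, X509_get0_notBefore(cert));
#else
    rc = ASN1_TIME_print(bio, X509_get_notBefore(cert));
#endif

    if (rc != 1) {
        /* unparsable notBefore: leave the variable empty */
        BIO_free(bio);
        X509_free(cert);
        return NGX_OK;
    }

    /* … unchanged: BIO_pending(), ngx_pnalloc(), BIO_read(), cleanup … */
```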