Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 647:95d7da23ea53 release-0.3.45
nginx-0.3.45-RELEASE import
*) Feature: the "ssl_verify_client", "ssl_verify_depth", and
"ssl_client_certificate" directives.
*) Change: the $request_method variable now returns the main request
method.
*) Change: the ° symbol codes were changed in koi-win conversion
table.
*) Feature: the euro and N symbols were added to koi-win conversion
table.
*) Bugfix: if nginx distributed the requests among several backends and
some backend failed, then requests intended for this backend was
directed to one live backend only instead of being distributed among
the rest.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Sat, 06 May 2006 16:28:56 +0000 |
parents | 3f8a2132b93d |
children | cec32b3753ac |
comparison
equal
deleted
inserted
replaced
646:f198dec3e3af | 647:95d7da23ea53 |
---|---|
162 if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) { | 162 if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) { |
163 return NGX_ERROR; | 163 return NGX_ERROR; |
164 } | 164 } |
165 | 165 |
166 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data, | 166 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data, |
167 SSL_FILETYPE_PEM) == 0) | 167 SSL_FILETYPE_PEM) |
168 == 0) | |
168 { | 169 { |
169 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 170 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
170 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); | 171 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); |
172 return NGX_ERROR; | |
173 } | |
174 | |
175 return NGX_OK; | |
176 } | |
177 | |
178 | |
179 ngx_int_t | |
180 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert) | |
181 { | |
182 if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) { | |
183 return NGX_ERROR; | |
184 } | |
185 | |
186 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL) | |
187 == 0) | |
188 { | |
189 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
190 "SSL_CTX_load_verify_locations(\"%s\") failed", | |
191 cert->data); | |
171 return NGX_ERROR; | 192 return NGX_ERROR; |
172 } | 193 } |
173 | 194 |
174 return NGX_OK; | 195 return NGX_OK; |
175 } | 196 } |
1021 { | 1042 { |
1022 return (u_char *) SSL_get_cipher_name(c->ssl->connection); | 1043 return (u_char *) SSL_get_cipher_name(c->ssl->connection); |
1023 } | 1044 } |
1024 | 1045 |
1025 | 1046 |
1047 ngx_int_t | |
1048 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
1049 { | |
1050 char *p; | |
1051 size_t len; | |
1052 X509 *cert; | |
1053 X509_NAME *name; | |
1054 | |
1055 s->len = 0; | |
1056 | |
1057 cert = SSL_get_peer_certificate(c->ssl->connection); | |
1058 | |
1059 if (cert == NULL) { | |
1060 return NGX_OK; | |
1061 } | |
1062 | |
1063 name = X509_get_subject_name(cert); | |
1064 | |
1065 if (name == NULL) { | |
1066 return NGX_ERROR; | |
1067 } | |
1068 | |
1069 p = X509_NAME_oneline(name, NULL, 0); | |
1070 | |
1071 for (len = 0; p[len]; len++) { /* void */ } | |
1072 | |
1073 s->len = len; | |
1074 s->data = ngx_palloc(pool, len); | |
1075 if (s->data == NULL) { | |
1076 OPENSSL_free(p); | |
1077 return NGX_ERROR; | |
1078 } | |
1079 | |
1080 ngx_memcpy(s->data, p, len); | |
1081 | |
1082 OPENSSL_free(p); | |
1083 | |
1084 return NGX_OK; | |
1085 } | |
1086 | |
1087 | |
1088 ngx_int_t | |
1089 ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
1090 { | |
1091 char *p; | |
1092 size_t len; | |
1093 X509 *cert; | |
1094 X509_NAME *name; | |
1095 | |
1096 s->len = 0; | |
1097 | |
1098 cert = SSL_get_peer_certificate(c->ssl->connection); | |
1099 | |
1100 if (cert == NULL) { | |
1101 return NGX_OK; | |
1102 } | |
1103 | |
1104 name = X509_get_issuer_name(cert); | |
1105 | |
1106 if (name == NULL) { | |
1107 return NGX_ERROR; | |
1108 } | |
1109 | |
1110 p = X509_NAME_oneline(name, NULL, 0); | |
1111 | |
1112 for (len = 0; p[len]; len++) { /* void */ } | |
1113 | |
1114 s->len = len; | |
1115 s->data = ngx_palloc(pool, len); | |
1116 if (s->data == NULL) { | |
1117 OPENSSL_free(p); | |
1118 return NGX_ERROR; | |
1119 } | |
1120 | |
1121 ngx_memcpy(s->data, p, len); | |
1122 | |
1123 OPENSSL_free(p); | |
1124 | |
1125 return NGX_OK; | |
1126 } | |
1127 | |
1128 | |
1026 static void * | 1129 static void * |
1027 ngx_openssl_create_conf(ngx_cycle_t *cycle) | 1130 ngx_openssl_create_conf(ngx_cycle_t *cycle) |
1028 { | 1131 { |
1029 ngx_openssl_conf_t *oscf; | 1132 ngx_openssl_conf_t *oscf; |
1030 | 1133 |