Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 2994:f33c48457d0c
*) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 22 Jul 2009 17:41:42 +0000 |
parents | f592d466bbda |
children | 66ef86affbb8 |
comparison
equal
deleted
inserted
replaced
2993:f592d466bbda | 2994:f33c48457d0c |
---|---|
1522 X509 *cert; | 1522 X509 *cert; |
1523 ngx_http_ssl_srv_conf_t *sscf; | 1523 ngx_http_ssl_srv_conf_t *sscf; |
1524 | 1524 |
1525 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 1525 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
1526 | 1526 |
1527 if (sscf->verify == 1) { | 1527 if (sscf->verify) { |
1528 rc = SSL_get_verify_result(c->ssl->connection); | 1528 rc = SSL_get_verify_result(c->ssl->connection); |
1529 | 1529 |
1530 if (rc != X509_V_OK) { | 1530 if (rc != X509_V_OK) { |
1531 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1531 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1532 "client SSL certificate verify error: (%l:%s)", | 1532 "client SSL certificate verify error: (%l:%s)", |
1537 | 1537 |
1538 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1538 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
1539 return; | 1539 return; |
1540 } | 1540 } |
1541 | 1541 |
1542 cert = SSL_get_peer_certificate(c->ssl->connection); | 1542 if (sscf->verify == 1) { |
1543 | 1543 cert = SSL_get_peer_certificate(c->ssl->connection); |
1544 if (cert == NULL) { | 1544 |
1545 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1545 if (cert == NULL) { |
1546 "client sent no required SSL certificate"); | 1546 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1547 | 1547 "client sent no required SSL certificate"); |
1548 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | 1548 |
1549 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1549 (SSL_get0_session(c->ssl->connection))); | 1550 (SSL_get0_session(c->ssl->connection))); |
1550 | 1551 |
1551 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1552 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
1552 return; | 1553 return; |
1553 } | 1554 } |
1554 | 1555 |
1555 X509_free(cert); | 1556 X509_free(cert); |
1557 } | |
1556 } | 1558 } |
1557 } | 1559 } |
1558 | 1560 |
1559 #endif | 1561 #endif |
1560 | 1562 |