diff src/http/modules/ngx_http_ssl_module.c @ 220:559bc7ec214e NGINX_0_3_57
nginx 0.3.57
*) Feature: the $ssl_client_serial variable.
*) Bugfix: in the "!-e" operator of the "if" directive.
Thanks to Andrian Budanstov.
*) Bugfix: during client certificate verification nginx did not send
the required certificate information to the client.
*) Bugfix: the $document_root variable did not support the variables in
the "root" directive.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Wed, 09 Aug 2006 00:00:00 +0400 |
parents | 1bf60f8c5c9e |
children | 29a6403156b0 |
--- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -9,7 +9,8 @@ #include <ngx_http.h> -typedef u_char *(*ngx_ssl_variable_handler_pt)(ngx_connection_t *); +typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, + ngx_pool_t *pool, ngx_str_t *s); #define NGX_DEFLAUT_CERTIFICATE "cert.pem" @@ -17,12 +18,9 @@ typedef u_char *(*ngx_ssl_variable_handl #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" -static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); -static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, +static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); -static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r, - ngx_http_variable_value_t *v, uintptr_t data); -static ngx_int_t ngx_http_ssl_client_i_dn(ngx_http_request_t *r, +static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf); 
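Review bot: The widened `ngx_ssl_variable_handler_pt` typedef now covers two different contracts, and nothing in the type or a comment tells them apart. Later hunks show ngx_http_ssl_static_variable calling the handler with a NULL pool while ngx_http_ssl_variable passes `r->pool`, so a table entry that pairs an allocating getter with the static wrapper would compile and hand that getter a NULL pool. A comment above the typedef would document this, for example `/* pool may be NULL: getters bound to ngx_http_ssl_static_variable must not allocate and must leave s->data pointing at a NUL-terminated string */`. The return-value convention (NGX_OK or NGX_ERROR) is also worth stating there, since one caller ignores it.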
@@ -161,17 +159,20 @@ ngx_module_t ngx_http_ssl_module = { static ngx_http_variable_t ngx_http_ssl_vars[] = { - { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_variable, + { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable, (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGABLE, 0 }, - { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_variable, + { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGABLE, 0 }, - { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_client_s_dn, - 0, NGX_HTTP_VAR_CHANGABLE, 0 }, + { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGABLE, 0 }, - { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_client_i_dn, - 0, NGX_HTTP_VAR_CHANGABLE, 0 }, + { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGABLE, 0 }, + + { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGABLE, 0 }, { ngx_null_string, NULL, NULL, 0, 0, 0 } }; @@ -181,25 +182,23 @@ static u_char ngx_http_session_id_ctx[] static ngx_int_t -ngx_http_ssl_variable(ngx_http_request_t *r, +ngx_http_ssl_static_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { - ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data; + ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data; - size_t len; - u_char *name; + size_t len; if (r->connection->ssl) { - name = handler(r->connection); + (void) handler(r->connection, NULL, (ngx_str_t *) v); - for (len = 0; name[len]; len++) { /* void */ } + for (len = 0; v->data[len]; len++) { /* void */ } v->len = len; v->valid = 1; v->no_cachable = 0; v->not_found = 0; - v->data = name; return NGX_OK; } 
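Review bot: In ngx_http_ssl_static_variable the handler's result is cast to `(void)` and the length loop reads `v->data` on the very next line, so a getter that fails or leaves `data` NULL would be dereferenced. Checking the call keeps the wrapper safe if a getter ever changes: `if (handler(r->connection, NULL, (ngx_str_t *) v) != NGX_OK || v->data == NULL) { return NGX_ERROR; }`. The `(ngx_str_t *) v` cast, here and in ngx_http_ssl_variable in the following hunk, assumes ngx_http_variable_value_t is layout-compatible with ngx_str_t. That is not visible on this page, so a one-line comment naming the dependency would help. The function's closing lines lie outside the hunk.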
@@ -211,39 +210,13 @@ ngx_http_ssl_variable(ngx_http_request_t static ngx_int_t -ngx_http_ssl_client_s_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v, +ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { - if (r->connection->ssl) { - if (ngx_ssl_get_subject_dn(r->connection, r->pool, (ngx_str_t *) v) - != NGX_OK) - { - return NGX_ERROR; - } - - if (v->len) { - v->valid = 1; - v->no_cachable = 0; - v->not_found = 0; + ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data; - return NGX_OK; - } - } - - v->not_found = 1; - - return NGX_OK; -} - - -static ngx_int_t -ngx_http_ssl_client_i_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v, - uintptr_t data) -{ if (r->connection->ssl) { - if (ngx_ssl_get_issuer_dn(r->connection, r->pool, (ngx_str_t *) v) - != NGX_OK) - { + if (handler(r->connection, r->pool, (ngx_str_t *) v) != NGX_OK) { return NGX_ERROR; } @@ -385,18 +358,11 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * } if (conf->verify) { - SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, - ngx_http_ssl_verify_callback); - - SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth); - - if (conf->client_certificate.len) { - if (ngx_ssl_client_certificate(cf, &conf->ssl, - &conf->client_certificate) - != NGX_OK) - { - return NGX_CONF_ERROR; - } + if (ngx_ssl_client_certificate(cf, &conf->ssl, + &conf->client_certificate, conf->verify_depth) + != NGX_OK) + { + return NGX_CONF_ERROR; } } @@ -424,13 +390,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * } -static int -ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) -{ - return 1; -} - - #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) static char *
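Review bot: The `conf->client_certificate.len` guard is dropped in the `if (conf->verify)` block, so with verification enabled and no CA file configured, ngx_ssl_client_certificate() is now called with an empty path. Whether the helper rejects that cleanly is not visible here. An explicit check before the call, as sketched below, would make the misconfiguration fail at load time with a clear message. The verify mode, depth and callback have also moved into that helper, whose definition this page does not show. Its policy is worth confirming, since the local callback removed in the last hunk returned 1 for every certificate. ngx_http_ssl_merge_srv_conf starts and ends outside the hunk.

```c
    if (conf->verify) {
        if (conf->client_certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "client certificate verification is enabled "
                          "but no CA certificate file is configured");
            return NGX_CONF_ERROR;
        }

        /* … unchanged: ngx_ssl_client_certificate() call and its NGX_OK check … */
```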