comparison src/event/ngx_event_openssl.c @ 372:6639b93e81b2 NGINX_0_6_30
nginx 0.6.30
*) Change: now if an "include" directive pattern does not match any
file, then nginx does not issue an error.
*) Feature: now the time in directives may be specified without spaces,
for example, "1h50m".
*) Bugfix: memory leaks if the "ssl_verify_client" directive was on.
Thanks to Chavelle Vincent.
*) Bugfix: the "sub_filter" directive might set text to change into
output.
*) Bugfix: the "error_page" directive did not take into account
arguments in redirected URI.
*) Bugfix: now nginx always opens files in binary mode under Cygwin.
*) Bugfix: nginx could not be built on OpenBSD; bug appeared in 0.6.15.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 29 Apr 2008 00:00:00 +0400 |
parents | 9a242235a80a |
children | 820f6378fc00 |
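--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -283,14 +283,15 @@
 
 
 static int
 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
 {
+#if (NGX_DEBUG)
 char *subject, *issuer;
 int err, depth;
 X509 *cert;
-X509_NAME *name;
+X509_NAME *sname, *iname;
 ngx_connection_t *c;
 ngx_ssl_conn_t *ssl_conn;
 
 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
 SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -299,20 +300,29 @@
 
 cert = X509_STORE_CTX_get_current_cert(x509_store);
 err = X509_STORE_CTX_get_error(x509_store);
 depth = X509_STORE_CTX_get_error_depth(x509_store);
 
-name = X509_get_subject_name(cert);
-subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+sname = X509_get_subject_name(cert);
+subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
 
-name = X509_get_issuer_name(cert);
-issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+iname = X509_get_issuer_name(cert);
+issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
 
 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "verify:%d, error:%d, depth:%d, "
 "subject:\"%s\",issuer: \"%s\"",
 ok, err, depth, subject, issuer);
+
+if (sname) {
+OPENSSL_free(subject);
+}
+
+if (iname) {
+OPENSSL_free(issuer);
+}
+#endif
 
 return 1;
 }
 
 
@@ -1776,10 +1786,11 @@
 return NGX_OK;
 }
 
 name = X509_get_subject_name(cert);
 if (name == NULL) {
+X509_free(cert);
 return NGX_ERROR;
 }
 
 p = X509_NAME_oneline(name, NULL, 0);
 
@@ -1787,16 +1798,18 @@
 
 s->len = len;
 s->data = ngx_palloc(pool, len);
 if (s->data == NULL) {
 OPENSSL_free(p);
+X509_free(cert);
 return NGX_ERROR;
 }
 
 ngx_memcpy(s->data, p, len);
 
 OPENSSL_free(p);
+X509_free(cert);
 
 return NGX_OK;
 }
 
 
@@ -1815,10 +1828,11 @@
 return NGX_OK;
 }
 
 name = X509_get_issuer_name(cert);
 if (name == NULL) {
+X509_free(cert);
 return NGX_ERROR;
 }
 
 p = X509_NAME_oneline(name, NULL, 0);
 
@@ -1826,16 +1840,18 @@
 
 s->len = len;
 s->data = ngx_palloc(pool, len);
 if (s->data == NULL) {
 OPENSSL_free(p);
+X509_free(cert);
 return NGX_ERROR;
 }
 
 ngx_memcpy(s->data, p, len);
 
 OPENSSL_free(p);
+X509_free(cert);
 
 return NGX_OK;
 }
 
 
@@ -1853,25 +1869,28 @@
 return NGX_OK;
 }
 
 bio = BIO_new(BIO_s_mem());
 if (bio == NULL) {
+X509_free(cert);
 return NGX_ERROR;
 }
 
 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
 len = BIO_pending(bio);
 
 s->len = len;
 s->data = ngx_palloc(pool, len);
 if (s->data == NULL) {
 BIO_free(bio);
+X509_free(cert);
 return NGX_ERROR;
 }
 
 BIO_read(bio, s->data, len);
 BIO_free(bio);
+X509_free(cert);
 
 return NGX_OK;
 }
 
 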
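Review bot: `p = X509_NAME_oneline(name, NULL, 0);` at new lines 1795 and 1837 is still used without a NULL check, so an allocation failure inside OpenSSL reaches `ngx_memcpy(s->data, p, len)` with a null pointer; the length computation on the line this view omits just before `s->len = len;` presumably dereferences it first. These strings appear to come from the peer's certificate, so the path is worth hardening, and the guard matches the exits this commit already fixes: `if (p == NULL) { X509_free(cert); return NGX_ERROR; }`. The same unchecked call feeds `subject` and `issuer` to the `%s` arguments of `ngx_log_debug5` in the debug block at new lines 306–314. Both name functions begin above the visible lines, so how `cert` is obtained is not shown here.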