Mercurial > hg > nginx-vendor-current
diff src/http/ngx_http_request.c @ 218:1bf60f8c5c9e NGINX_0_3_56
nginx 0.3.56
*) Feature: the "dav_access" directive.
*) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
"-x", and "!-x" operators.
*) Bugfix: a segmentation fault occurred if an request returned an
redirect and some sent to client header lines were logged in the
access log.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Fri, 04 Aug 2006 00:00:00 +0400 |
parents | fa32d59d9a15 |
children | 559bc7ec214e |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1269,34 +1269,6 @@ ngx_http_process_request_header(ngx_http return NGX_ERROR; } -#if (NGX_HTTP_SSL) - - if (r->connection->ssl) { - sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); - - if (sscf->verify) { - rc = SSL_get_verify_result(r->connection->ssl->connection); - - if (rc != X509_V_OK) { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client SSL certificate verify error: %l ", rc); - ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); - return NGX_ERROR; - } - - if (SSL_get_peer_certificate(r->connection->ssl->connection) - == NULL) - { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent no required SSL certificate"); - ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); - return NGX_ERROR; - } - } - } - -#endif - if (r->headers_in.connection) { if (r->headers_in.connection->value.len == 5 && ngx_strcasecmp(r->headers_in.connection->value.data, "close") @@ -1362,6 +1334,35 @@ ngx_http_process_request_header(ngx_http } } +#if (NGX_HTTP_SSL) + + if (r->connection->ssl) { + sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); + + if (sscf->verify) { + rc = SSL_get_verify_result(r->connection->ssl->connection); + + if (rc != X509_V_OK) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client SSL certificate verify error: (%l:%s) ", + rc, X509_verify_cert_error_string(rc)); + ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); + return NGX_ERROR; + } + + if (SSL_get_peer_certificate(r->connection->ssl->connection) + == NULL) + { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent no required SSL certificate"); + ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); + return NGX_ERROR; + } + } + } + +#endif + return NGX_OK; }