nginx: src/event/ngx_event_openssl

annotate src/event/ngx_event_openssl_stapling.c @ 6545:a873b4d9cd80

OCSP stapling: staple now stored in certificate, not SSL context.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 19 May 2016 14:46:32 +0300
parents	458e01ef46e6
children	a2d5d45f1525

rev	line source
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	2 /*
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	3 * Copyright (C) Maxim Dounin
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	4 * Copyright (C) Nginx, Inc.
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	5 */
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	6
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	7
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	8 #include <ngx_config.h>
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	9 #include <ngx_core.h>
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	10 #include <ngx_event.h>
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	11 #include <ngx_event_connect.h>
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	12
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	13
5777 4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP. Piotr Sikora <piotr@cloudflare.com> parents: 5683 diff changeset	14 #if (!defined OPENSSL_NO_OCSP && defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	15
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	16
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	17 typedef struct {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	18 ngx_str_t staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	19 ngx_msec_t timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	20
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	21 ngx_resolver_t *resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	22 ngx_msec_t resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	23
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	24 ngx_addr_t *addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	25 ngx_str_t host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	26 ngx_str_t uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	27 in_port_t port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	28
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	29 SSL_CTX *ssl_ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	30
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	31 X509 *cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	32 X509 *issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	33
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	34 time_t valid;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	35 time_t refresh;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	36
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	37 unsigned verify:1;
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	38 unsigned loading:1;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	39 } ngx_ssl_stapling_t;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	40
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	41
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	42 typedef struct ngx_ssl_ocsp_ctx_s ngx_ssl_ocsp_ctx_t;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	43
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	44 struct ngx_ssl_ocsp_ctx_s {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	45 X509 *cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	46 X509 *issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	47
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	48 ngx_uint_t naddrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	49
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	50 ngx_addr_t *addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	51 ngx_str_t host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	52 ngx_str_t uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	53 in_port_t port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	54
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	55 ngx_resolver_t *resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	56 ngx_msec_t resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	57
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	58 ngx_msec_t timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	59
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	60 void (handler)(ngx_ssl_ocsp_ctx_t r);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	61 void *data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	62
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	63 ngx_buf_t *request;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	64 ngx_buf_t *response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	65 ngx_peer_connection_t peer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	66
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	67 ngx_int_t (process)(ngx_ssl_ocsp_ctx_t r);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	68
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	69 ngx_uint_t state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	70
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	71 ngx_uint_t code;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	72 ngx_uint_t count;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	73
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	74 ngx_uint_t done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	75
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	76 u_char *header_name_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	77 u_char *header_name_end;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	78 u_char *header_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	79 u_char *header_end;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	80
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	81 ngx_pool_t *pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	82 ngx_log_t *log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	83 };
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	84
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	85
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	86 static ngx_int_t ngx_ssl_stapling_file(ngx_conf_t cf, ngx_ssl_t ssl,
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	87 ngx_ssl_stapling_t staple, ngx_str_t file);
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	88 static ngx_int_t ngx_ssl_stapling_issuer(ngx_conf_t cf, ngx_ssl_t ssl,
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	89 ngx_ssl_stapling_t *staple);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	90 static ngx_int_t ngx_ssl_stapling_responder(ngx_conf_t cf, ngx_ssl_t ssl,
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	91 ngx_ssl_stapling_t staple, ngx_str_t responder);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	92
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	93 static int ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	94 void *data);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	95 static void ngx_ssl_stapling_update(ngx_ssl_stapling_t *staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	96 static void ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	97
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	98 static time_t ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	99
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	100 static void ngx_ssl_stapling_cleanup(void *data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	101
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	102 static ngx_ssl_ocsp_ctx_t *ngx_ssl_ocsp_start(void);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	103 static void ngx_ssl_ocsp_done(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	104 static void ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	105 static void ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	106 static void ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	107 static void ngx_ssl_ocsp_write_handler(ngx_event_t *wev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	108 static void ngx_ssl_ocsp_read_handler(ngx_event_t *rev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	109 static void ngx_ssl_ocsp_dummy_handler(ngx_event_t *ev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	110
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	111 static ngx_int_t ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	112 static ngx_int_t ngx_ssl_ocsp_process_status_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	113 static ngx_int_t ngx_ssl_ocsp_parse_status_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	114 static ngx_int_t ngx_ssl_ocsp_process_headers(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	115 static ngx_int_t ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	116 static ngx_int_t ngx_ssl_ocsp_process_body(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	117
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	118 static u_char ngx_ssl_ocsp_log_error(ngx_log_t log, u_char *buf, size_t len);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	119
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	120
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	121 ngx_int_t
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	122 ngx_ssl_stapling(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	123 ngx_str_t *responder, ngx_uint_t verify)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	124 {
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	125 X509 *cert;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	126 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	127 ngx_pool_cleanup_t *cln;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	128 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	129
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	130 staple = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_stapling_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	131 if (staple == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	132 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	133 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	134
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	135 cln = ngx_pool_cleanup_add(cf->pool, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	136 if (cln == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	137 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	138 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	139
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	140 cln->handler = ngx_ssl_stapling_cleanup;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	141 cln->data = staple;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	142
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	143 cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	144
a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	145 if (X509_set_ex_data(cert, ngx_ssl_stapling_index, staple) == 0) {
a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	146 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	147 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	148 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	149
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	150 staple->ssl_ctx = ssl->ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	151 staple->timeout = 60000;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	152 staple->verify = verify;
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	153 staple->cert = cert;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	154
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	155 if (file->len) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	156 /* use OCSP response from the file */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	157
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	158 if (ngx_ssl_stapling_file(cf, ssl, staple, file) != NGX_OK) {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	159 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	160 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	161
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	162 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	163 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	164
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	165 rc = ngx_ssl_stapling_issuer(cf, ssl, staple);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	166
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	167 if (rc == NGX_DECLINED) {
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	168 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	169 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	170
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	171 if (rc != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	172 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	173 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	174
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	175 rc = ngx_ssl_stapling_responder(cf, ssl, staple, responder);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	176
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	177 if (rc == NGX_DECLINED) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	178 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	179 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	180
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	181 if (rc != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	182 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	183 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	184
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	185 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	186
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	187 SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	188 SSL_CTX_set_tlsext_status_arg(ssl->ctx, staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	189
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	190 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	191 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	192
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	193
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	194 static ngx_int_t
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	195 ngx_ssl_stapling_file(ngx_conf_t cf, ngx_ssl_t ssl,
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	196 ngx_ssl_stapling_t staple, ngx_str_t file)
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	197 {
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	198 BIO *bio;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	199 int len;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	200 u_char p, buf;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	201 OCSP_RESPONSE *response;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	202
5330 314c3d7cc3a5 Backed out f1a91825730a and 7094bd12c1ff. Maxim Dounin <mdounin@mdounin.ru> parents: 5317 diff changeset	203 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	204 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	205 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	206
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	207 bio = BIO_new_file((char *) file->data, "r");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	208 if (bio == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	209 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	210 "BIO_new_file(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	211 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	212 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	213
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	214 response = d2i_OCSP_RESPONSE_bio(bio, NULL);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	215 if (response == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	216 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	217 "d2i_OCSP_RESPONSE_bio(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	218 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	219 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	220 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	221
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	222 len = i2d_OCSP_RESPONSE(response, NULL);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	223 if (len <= 0) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	224 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	225 "i2d_OCSP_RESPONSE(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	226 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	227 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	228
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	229 buf = ngx_alloc(len, ssl->log);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	230 if (buf == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	231 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	232 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	233
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	234 p = buf;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	235 len = i2d_OCSP_RESPONSE(response, &p);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	236 if (len <= 0) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	237 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	238 "i2d_OCSP_RESPONSE(\"%s\") failed", file->data);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	239 ngx_free(buf);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	240 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	241 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	242
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	243 OCSP_RESPONSE_free(response);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	244 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	245
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	246 staple->staple.data = buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	247 staple->staple.len = len;
6205 dcae651b2a0c OCSP stapling: fixed ssl_stapling_file (ticket #769). Maxim Dounin <mdounin@mdounin.ru> parents: 6181 diff changeset	248 staple->valid = NGX_MAX_TIME_T_VALUE;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	249
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	250 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	251
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	252 failed:
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	253
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	254 OCSP_RESPONSE_free(response);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	255 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	256
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	257 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	258 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	259
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	260
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	261 static ngx_int_t
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	262 ngx_ssl_stapling_issuer(ngx_conf_t cf, ngx_ssl_t ssl,
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	263 ngx_ssl_stapling_t *staple)
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	264 {
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	265 int i, n, rc;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	266 X509 cert, issuer;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	267 X509_STORE *store;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	268 X509_STORE_CTX *store_ctx;
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	269 STACK_OF(X509) *chain;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	270
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	271 cert = staple->cert;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	272
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	273 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	274 SSL_CTX_get_extra_chain_certs(ssl->ctx, &chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	275 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	276 chain = ssl->ctx->extra_certs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	277 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	278
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	279 n = sk_X509_num(chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	280
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	281 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	282 "SSL get issuer: %d extra certs", n);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	283
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	284 for (i = 0; i < n; i++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	285 issuer = sk_X509_value(chain, i);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	286 if (X509_check_issued(issuer, cert) == X509_V_OK) {
6491 45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	287 #if OPENSSL_VERSION_NUMBER >= 0x10100001L
45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	288 X509_up_ref(issuer);
45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	289 #else
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	290 CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
6491 45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	291 #endif
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	292
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	293 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	294 "SSL get issuer: found %p in extra certs", issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	295
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	296 staple->issuer = issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	297
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	298 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	299 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	300 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	301
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	302 store = SSL_CTX_get_cert_store(ssl->ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	303 if (store == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	304 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	305 "SSL_CTX_get_cert_store() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	306 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	307 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	308
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	309 store_ctx = X509_STORE_CTX_new();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	310 if (store_ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	312 "X509_STORE_CTX_new() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	313 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	314 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	315
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	316 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	317 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	318 "X509_STORE_CTX_init() failed");
6064 ff957cd36860 OCSP stapling: missing free calls. Filipe da Silva <fdasilva@ingima.com> parents: 5777 diff changeset	319 X509_STORE_CTX_free(store_ctx);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	320 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	321 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	322
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	323 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	324
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	325 if (rc == -1) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	326 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	327 "X509_STORE_CTX_get1_issuer() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	328 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	329 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	330 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	331
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	332 if (rc == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	333 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	334 "\"ssl_stapling\" ignored, issuer certificate not found");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	335 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	336 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	337 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	338
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	339 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	340
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	341 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	342 "SSL get issuer: found %p in cert store", issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	343
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	344 staple->issuer = issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	345
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	346 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	347 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	348
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	349
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	350 static ngx_int_t
6544 458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	351 ngx_ssl_stapling_responder(ngx_conf_t cf, ngx_ssl_t ssl,
458e01ef46e6 OCSP stapling: staple provided in arguments. Maxim Dounin <mdounin@mdounin.ru> parents: 6491 diff changeset	352 ngx_ssl_stapling_t staple, ngx_str_t responder)
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	353 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	354 ngx_url_t u;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	355 char *s;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	356 STACK_OF(OPENSSL_STRING) *aia;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	357
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	358 if (responder->len == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	359
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	360 /* extract OCSP responder URL from certificate */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	361
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	362 aia = X509_get1_ocsp(staple->cert);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	363 if (aia == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	364 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	365 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	366 "no OCSP responder URL in the certificate");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	367 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	368 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	369
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	370 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	371 s = sk_OPENSSL_STRING_value(aia, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	372 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	373 s = sk_value(aia, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	374 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	375 if (s == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	376 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	377 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	378 "no OCSP responder URL in the certificate");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	379 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	380 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	381 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	382
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	383 responder->len = ngx_strlen(s);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	384 responder->data = ngx_palloc(cf->pool, responder->len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	385 if (responder->data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	386 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	387 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	388 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	389
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	390 ngx_memcpy(responder->data, s, responder->len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	391 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	392 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	393
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	394 ngx_memzero(&u, sizeof(ngx_url_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	395
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	396 u.url = *responder;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	397 u.default_port = 80;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	398 u.uri_part = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	399
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	400 if (u.url.len > 7
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	401 && ngx_strncasecmp(u.url.data, (u_char *) "http://", 7) == 0)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	402 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	403 u.url.len -= 7;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	404 u.url.data += 7;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	405
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	406 } else {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	407 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	408 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	409 "invalid URL prefix in OCSP responder \"%V\"", &u.url);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	410 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	411 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	412
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	413 if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	414 if (u.err) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	415 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	416 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	417 "%s in OCSP responder \"%V\"", u.err, &u.url);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	418 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	419 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	420
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	421 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	422 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	423
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	424 staple->addrs = u.addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	425 staple->host = u.host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	426 staple->uri = u.uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	427 staple->port = u.port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	428
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	429 if (staple->uri.len == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	430 ngx_str_set(&staple->uri, "/");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	431 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	432
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	433 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	434 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	435
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	436
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	437 ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	438 ngx_ssl_stapling_resolver(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	439 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	440 {
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	441 X509 *cert;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	442 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	443
6545 a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	444 cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
a873b4d9cd80 OCSP stapling: staple now stored in certificate, not SSL context. Maxim Dounin <mdounin@mdounin.ru> parents: 6544 diff changeset	445 staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	446
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	447 staple->resolver = resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	448 staple->resolver_timeout = resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	449
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	450 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	451 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	452
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	453
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	454 static int
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	455 ngx_ssl_certificate_status_callback(ngx_ssl_conn_t ssl_conn, void data)
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	456 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	457 int rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	458 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	459 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	460 ngx_ssl_stapling_t *staple;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	461
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	462 c = ngx_ssl_get_connection(ssl_conn);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	463
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	464 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	465 "SSL certificate status callback");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	466
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	467 staple = data;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	468 rc = SSL_TLSEXT_ERR_NOACK;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	469
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	470 if (staple->staple.len
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	471 && staple->valid >= ngx_time())
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	472 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	473 /* we have to copy ocsp response as OpenSSL will free it by itself */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	474
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	475 p = OPENSSL_malloc(staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	476 if (p == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	477 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "OPENSSL_malloc() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	478 return SSL_TLSEXT_ERR_NOACK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	479 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	480
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	481 ngx_memcpy(p, staple->staple.data, staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	482
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	483 SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	484
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	485 rc = SSL_TLSEXT_ERR_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	486 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	487
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	488 ngx_ssl_stapling_update(staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	489
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	490 return rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	491 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	492
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	493
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	494 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	495 ngx_ssl_stapling_update(ngx_ssl_stapling_t *staple)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	496 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	497 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	498
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	499 if (staple->host.len == 0
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	500 \|\| staple->loading \|\| staple->refresh >= ngx_time())
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	501 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	502 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	503 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	504
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	505 staple->loading = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	506
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	507 ctx = ngx_ssl_ocsp_start();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	508 if (ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	509 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	510 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	511
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	512 ctx->cert = staple->cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	513 ctx->issuer = staple->issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	514
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	515 ctx->addrs = staple->addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	516 ctx->host = staple->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	517 ctx->uri = staple->uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	518 ctx->port = staple->port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	519 ctx->timeout = staple->timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	520
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	521 ctx->resolver = staple->resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	522 ctx->resolver_timeout = staple->resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	523
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	524 ctx->handler = ngx_ssl_stapling_ocsp_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	525 ctx->data = staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	526
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	527 ngx_ssl_ocsp_request(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	528
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	529 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	530 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	531
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	532
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	533 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	534 ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	535 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	536 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	537 const
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	538 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	539 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	540 int n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	541 size_t len;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	542 time_t now, valid;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	543 ngx_str_t response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	544 X509_STORE *store;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	545 STACK_OF(X509) *chain;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	546 OCSP_CERTID *id;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	547 OCSP_RESPONSE *ocsp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	548 OCSP_BASICRESP *basic;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	549 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	550 ASN1_GENERALIZEDTIME thisupdate, nextupdate;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	551
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	552 staple = ctx->data;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	553 now = ngx_time();
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	554 ocsp = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	555 basic = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	556 id = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	557
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	558 if (ctx->code != 200) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	559 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	560 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	561
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	562 /* check the response */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	563
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	564 len = ctx->response->last - ctx->response->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	565 p = ctx->response->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	566
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	567 ocsp = d2i_OCSP_RESPONSE(NULL, &p, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	568 if (ocsp == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	569 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	570 "d2i_OCSP_RESPONSE() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	571 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	572 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	573
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	574 n = OCSP_response_status(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	575
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	576 if (n != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	577 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	578 "OCSP response not successful (%d: %s)",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	579 n, OCSP_response_status_str(n));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	580 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	581 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	582
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	583 basic = OCSP_response_get1_basic(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	584 if (basic == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	585 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	586 "OCSP_response_get1_basic() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	587 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	588 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	589
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	590 store = SSL_CTX_get_cert_store(staple->ssl_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	591 if (store == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	592 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	593 "SSL_CTX_get_cert_store() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	594 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	595 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	596
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	597 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	598 SSL_CTX_get_extra_chain_certs(staple->ssl_ctx, &chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	599 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	600 chain = staple->ssl_ctx->extra_certs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	601 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	602
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	603 if (OCSP_basic_verify(basic, chain, store,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	604 staple->verify ? OCSP_TRUSTOTHER : OCSP_NOVERIFY)
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	605 != 1)
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	606 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	607 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	608 "OCSP_basic_verify() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	609 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	610 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	611
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	612 id = OCSP_cert_to_id(NULL, ctx->cert, ctx->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	613 if (id == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	614 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	615 "OCSP_cert_to_id() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	616 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	617 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	618
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	619 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	620 &thisupdate, &nextupdate)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	621 != 1)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	622 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	623 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
5215 cfab1e7e4ac2 OCSP stapling: fix error logging of successful OCSP responses. Piotr Sikora <piotr@cloudflare.com> parents: 4880 diff changeset	624 "certificate status not found in the OCSP response");
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	625 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	626 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	627
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	628 if (n != V_OCSP_CERTSTATUS_GOOD) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	629 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	630 "certificate status \"%s\" in the OCSP response",
5215 cfab1e7e4ac2 OCSP stapling: fix error logging of successful OCSP responses. Piotr Sikora <piotr@cloudflare.com> parents: 4880 diff changeset	631 OCSP_cert_status_str(n));
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	632 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	633 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	634
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	635 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	636 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	637 "OCSP_check_validity() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	638 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	639 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	640
6206 595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	641 if (nextupdate) {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	642 valid = ngx_ssl_stapling_time(nextupdate);
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	643 if (valid == (time_t) NGX_ERROR) {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	644 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	645 "invalid nextUpdate time in certificate status");
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	646 goto error;
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	647 }
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	648
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	649 } else {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	650 valid = NGX_MAX_TIME_T_VALUE;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	651 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	652
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	653 OCSP_CERTID_free(id);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	654 OCSP_BASICRESP_free(basic);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	655 OCSP_RESPONSE_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	656
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	657 id = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	658 basic = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	659 ocsp = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	660
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	661 /* copy the response to memory not in ctx->pool */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	662
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	663 response.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	664 response.data = ngx_alloc(response.len, ctx->log);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	665
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	666 if (response.data == NULL) {
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	667 goto error;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	668 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	669
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	670 ngx_memcpy(response.data, ctx->response->pos, response.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	671
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	672 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	673 "ssl ocsp response, %s, %uz",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	674 OCSP_cert_status_str(n), response.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	675
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	676 if (staple->staple.data) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	677 ngx_free(staple->staple.data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	678 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	679
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	680 staple->staple = response;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	681 staple->valid = valid;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	682
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	683 /*
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	684 * refresh before the response expires,
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	685 * but not earlier than in 5 minutes, and at least in an hour
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	686 */
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	687
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	688 staple->loading = 0;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	689 staple->refresh = ngx_max(ngx_min(valid - 300, now + 3600), now + 300);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	690
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	691 ngx_ssl_ocsp_done(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	692 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	693
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	694 error:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	695
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	696 staple->loading = 0;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	697 staple->refresh = now + 300;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	698
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	699 if (id) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	700 OCSP_CERTID_free(id);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	701 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	702
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	703 if (basic) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	704 OCSP_BASICRESP_free(basic);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	705 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	706
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	707 if (ocsp) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	708 OCSP_RESPONSE_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	709 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	710
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	711 ngx_ssl_ocsp_done(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	712 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	713
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	714
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	715 static time_t
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	716 ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time)
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	717 {
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	718 u_char *value;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	719 size_t len;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	720 time_t time;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	721 BIO *bio;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	722
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	723 /*
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	724 * OpenSSL doesn't provide a way to convert ASN1_GENERALIZEDTIME
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	725 * into time_t. To do this, we use ASN1_GENERALIZEDTIME_print(),
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	726 * which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g.,
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	727 * "Feb 3 00:55:52 2015 GMT"), and parse the result.
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	728 */
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	729
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	730 bio = BIO_new(BIO_s_mem());
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	731 if (bio == NULL) {
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	732 return NGX_ERROR;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	733 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	734
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	735 /* fake weekday prepended to match C asctime() format */
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	736
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	737 BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	738 ASN1_GENERALIZEDTIME_print(bio, asn1time);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	739 len = BIO_get_mem_data(bio, &value);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	740
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	741 time = ngx_parse_http_time(value, len);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	742
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	743 BIO_free(bio);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	744
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	745 return time;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	746 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	747
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	748
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	749 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	750 ngx_ssl_stapling_cleanup(void *data)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	751 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	752 ngx_ssl_stapling_t *staple = data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	753
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	754 if (staple->issuer) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	755 X509_free(staple->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	756 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	757
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	758 if (staple->staple.data) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	759 ngx_free(staple->staple.data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	760 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	761 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	762
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	763
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	764 static ngx_ssl_ocsp_ctx_t *
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	765 ngx_ssl_ocsp_start(void)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	766 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	767 ngx_log_t *log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	768 ngx_pool_t *pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	769 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	770
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	771 pool = ngx_create_pool(2048, ngx_cycle->log);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	772 if (pool == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	773 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	774 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	775
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	776 ctx = ngx_pcalloc(pool, sizeof(ngx_ssl_ocsp_ctx_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	777 if (ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	778 ngx_destroy_pool(pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	779 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	780 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	781
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	782 log = ngx_palloc(pool, sizeof(ngx_log_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	783 if (log == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	784 ngx_destroy_pool(pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	785 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	786 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	787
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	788 ctx->pool = pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	789
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	790 log = ctx->pool->log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	791
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	792 ctx->pool->log = log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	793 ctx->log = log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	794
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	795 log->handler = ngx_ssl_ocsp_log_error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	796 log->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	797 log->action = "requesting certificate status";
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	798
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	799 return ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	800 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	801
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	802
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	803 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	804 ngx_ssl_ocsp_done(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	805 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	806 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	807 "ssl ocsp done");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	808
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	809 if (ctx->peer.connection) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	810 ngx_close_connection(ctx->peer.connection);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	811 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	812
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	813 ngx_destroy_pool(ctx->pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	814 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	815
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	816
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	817 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	818 ngx_ssl_ocsp_error(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	819 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	820 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	821 "ssl ocsp error");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	822
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	823 ctx->code = 0;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	824 ctx->handler(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	825 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	826
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	827
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	828 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	829 ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	830 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	831 ngx_resolver_ctx_t *resolve, temp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	832
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	833 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	834 "ssl ocsp request");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	835
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	836 if (ngx_ssl_ocsp_create_request(ctx) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	837 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	838 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	839 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	840
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	841 if (ctx->resolver) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	842 /* resolve OCSP responder hostname */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	843
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	844 temp.name = ctx->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	845
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	846 resolve = ngx_resolve_start(ctx->resolver, &temp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	847 if (resolve == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	848 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	849 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	850 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	851
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	852 if (resolve == NGX_NO_RESOLVER) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	853 ngx_log_error(NGX_LOG_WARN, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	854 "no resolver defined to resolve %V", &ctx->host);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	855 goto connect;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	856 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	857
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	858 resolve->name = ctx->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	859 resolve->handler = ngx_ssl_ocsp_resolve_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	860 resolve->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	861 resolve->timeout = ctx->resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	862
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	863 if (ngx_resolve_name(resolve) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	864 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	865 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	866 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	867
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	868 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	869 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	870
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	871 connect:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	872
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	873 ngx_ssl_ocsp_connect(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	874 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	875
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	876
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	877 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	878 ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	879 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	880 ngx_ssl_ocsp_ctx_t *ctx = resolve->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	881
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	882 u_char *p;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	883 size_t len;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	884 in_port_t port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	885 socklen_t socklen;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	886 ngx_uint_t i;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	887 struct sockaddr *sockaddr;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	888
5234 a855ae7e6377 OCSP stapling: fixed incorrect debug level. Ruslan Ermilov <ru@nginx.com> parents: 5215 diff changeset	889 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	890 "ssl ocsp resolve handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	891
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	892 if (resolve->state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	893 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	894 "%V could not be resolved (%i: %s)",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	895 &resolve->name, resolve->state,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	896 ngx_resolver_strerror(resolve->state));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	897 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	898 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	899
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	900 #if (NGX_DEBUG)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	901 {
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	902 u_char text[NGX_SOCKADDR_STRLEN];
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	903 ngx_str_t addr;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	904
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	905 addr.data = text;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	906
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	907 for (i = 0; i < resolve->naddrs; i++) {
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	908 addr.len = ngx_sock_ntop(resolve->addrs[i].sockaddr,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	909 resolve->addrs[i].socklen,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	910 text, NGX_SOCKADDR_STRLEN, 0);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	911
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	912 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	913 "name was resolved to %V", &addr);
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	914
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	915 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	916 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	917 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	918
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	919 ctx->naddrs = resolve->naddrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	920 ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	921
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	922 if (ctx->addrs == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	923 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	924 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	925
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	926 port = htons(ctx->port);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	927
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	928 for (i = 0; i < resolve->naddrs; i++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	929
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	930 socklen = resolve->addrs[i].socklen;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	931
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	932 sockaddr = ngx_palloc(ctx->pool, socklen);
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	933 if (sockaddr == NULL) {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	934 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	935 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	936
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	937 ngx_memcpy(sockaddr, resolve->addrs[i].sockaddr, socklen);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	938
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	939 switch (sockaddr->sa_family) {
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	940 #if (NGX_HAVE_INET6)
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	941 case AF_INET6:
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	942 ((struct sockaddr_in6 *) sockaddr)->sin6_port = port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	943 break;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	944 #endif
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	945 default: /* AF_INET */
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	946 ((struct sockaddr_in *) sockaddr)->sin_port = port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	947 }
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	948
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	949 ctx->addrs[i].sockaddr = sockaddr;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	950 ctx->addrs[i].socklen = socklen;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	951
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	952 p = ngx_pnalloc(ctx->pool, NGX_SOCKADDR_STRLEN);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	953 if (p == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	954 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	955 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	956
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	957 len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	958
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	959 ctx->addrs[i].name.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	960 ctx->addrs[i].name.data = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	961 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	962
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	963 ngx_resolve_name_done(resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	964
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	965 ngx_ssl_ocsp_connect(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	966 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	967
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	968 failed:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	969
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	970 ngx_resolve_name_done(resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	971 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	972 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	973
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	974
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	975 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	976 ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	977 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	978 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	979
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	980 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	981 "ssl ocsp connect");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	982
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	983 /* TODO: use all ip addresses */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	984
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	985 ctx->peer.sockaddr = ctx->addrs[0].sockaddr;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	986 ctx->peer.socklen = ctx->addrs[0].socklen;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	987 ctx->peer.name = &ctx->addrs[0].name;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	988 ctx->peer.get = ngx_event_get_peer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	989 ctx->peer.log = ctx->log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	990 ctx->peer.log_error = NGX_ERROR_ERR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	991
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	992 rc = ngx_event_connect_peer(&ctx->peer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	993
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	994 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	995 "ssl ocsp connect peer done");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	996
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	997 if (rc == NGX_ERROR \|\| rc == NGX_BUSY \|\| rc == NGX_DECLINED) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	998 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	999 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1000 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1001
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1002 ctx->peer.connection->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1003 ctx->peer.connection->pool = ctx->pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1004
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1005 ctx->peer.connection->read->handler = ngx_ssl_ocsp_read_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1006 ctx->peer.connection->write->handler = ngx_ssl_ocsp_write_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1007
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1008 ctx->process = ngx_ssl_ocsp_process_status_line;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1009
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1010 ngx_add_timer(ctx->peer.connection->read, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1011 ngx_add_timer(ctx->peer.connection->write, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1012
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1013 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1014 ngx_ssl_ocsp_write_handler(ctx->peer.connection->write);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1015 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1016 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1017 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1018
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1019
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1020 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1021 ngx_ssl_ocsp_write_handler(ngx_event_t *wev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1022 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1023 ssize_t n, size;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1024 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1025 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1026
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1027 c = wev->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1028 ctx = c->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1029
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1030 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, wev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1031 "ssl ocsp write handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1032
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1033 if (wev->timedout) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1034 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1035 "OCSP responder timed out");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1036 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1037 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1038 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1039
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1040 size = ctx->request->last - ctx->request->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1041
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1042 n = ngx_send(c, ctx->request->pos, size);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1043
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1044 if (n == NGX_ERROR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1045 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1046 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1047 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1048
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1049 if (n > 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1050 ctx->request->pos += n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1051
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1052 if (n == size) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1053 wev->handler = ngx_ssl_ocsp_dummy_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1054
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1055 if (wev->timer_set) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1056 ngx_del_timer(wev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1057 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1058
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1059 if (ngx_handle_write_event(wev, 0) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1060 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1061 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1062
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1063 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1064 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1065 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1066
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1067 if (!wev->timer_set) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1068 ngx_add_timer(wev, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1069 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1070 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1071
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1072
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1073 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1074 ngx_ssl_ocsp_read_handler(ngx_event_t *rev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1075 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1076 ssize_t n, size;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1077 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1078 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1079 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1080
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1081 c = rev->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1082 ctx = c->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1083
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1084 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1085 "ssl ocsp read handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1086
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1087 if (rev->timedout) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1088 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1089 "OCSP responder timed out");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1090 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1091 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1092 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1093
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1094 if (ctx->response == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1095 ctx->response = ngx_create_temp_buf(ctx->pool, 16384);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1096 if (ctx->response == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1097 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1098 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1099 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1100 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1101
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1102 for ( ;; ) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1103
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1104 size = ctx->response->end - ctx->response->last;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1105
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1106 n = ngx_recv(c, ctx->response->last, size);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1107
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1108 if (n > 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1109 ctx->response->last += n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1110
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1111 rc = ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1112
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1113 if (rc == NGX_ERROR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1114 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1115 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1116 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1117
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1118 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1119 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1120
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1121 if (n == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1122
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1123 if (ngx_handle_read_event(rev, 0) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1124 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1125 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1126
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1127 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1128 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1129
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1130 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1131 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1132
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1133 ctx->done = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1134
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1135 rc = ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1136
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1137 if (rc == NGX_DONE) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1138 /* ctx->handler() was called */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1139 return;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1140 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1141
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1142 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1143 "OCSP responder prematurely closed connection");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1144
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1145 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1146 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1147
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1148
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1149 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1150 ngx_ssl_ocsp_dummy_handler(ngx_event_t *ev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1151 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1152 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1153 "ssl ocsp dummy handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1154 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1155
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1156
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1157 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1158 ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1159 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1160 int len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1161 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1162 uintptr_t escape;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1163 ngx_str_t binary, base64;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1164 ngx_buf_t *b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1165 OCSP_CERTID *id;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1166 OCSP_REQUEST *ocsp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1167
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1168 ocsp = OCSP_REQUEST_new();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1169 if (ocsp == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1170 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1171 "OCSP_REQUEST_new() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1172 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1173 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1174
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1175 id = OCSP_cert_to_id(NULL, ctx->cert, ctx->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1176 if (id == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1177 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1178 "OCSP_cert_to_id() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1179 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1180 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1181
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1182 if (OCSP_request_add0_id(ocsp, id) == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1183 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1184 "OCSP_request_add0_id() failed");
6064 ff957cd36860 OCSP stapling: missing free calls. Filipe da Silva <fdasilva@ingima.com> parents: 5777 diff changeset	1185 OCSP_CERTID_free(id);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1186 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1187 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1188
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1189 len = i2d_OCSP_REQUEST(ocsp, NULL);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1190 if (len <= 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1191 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1192 "i2d_OCSP_REQUEST() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1193 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1194 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1195
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1196 binary.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1197 binary.data = ngx_palloc(ctx->pool, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1198 if (binary.data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1199 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1200 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1201
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1202 p = binary.data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1203 len = i2d_OCSP_REQUEST(ocsp, &p);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1204 if (len <= 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1205 ngx_ssl_error(NGX_LOG_EMERG, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1206 "i2d_OCSP_REQUEST() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1207 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1208 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1209
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1210 base64.len = ngx_base64_encoded_length(binary.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1211 base64.data = ngx_palloc(ctx->pool, base64.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1212 if (base64.data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1213 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1214 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1215
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1216 ngx_encode_base64(&base64, &binary);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1217
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1218 escape = ngx_escape_uri(NULL, base64.data, base64.len,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1219 NGX_ESCAPE_URI_COMPONENT);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1220
4880 0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1221 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1222 "ssl ocsp request length %z, escape %d",
6480 f01ab2dbcfdc Fixed logging. Sergey Kandaurov <pluknet@nginx.com> parents: 6206 diff changeset	1223 base64.len, (int) escape);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1224
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1225 len = sizeof("GET ") - 1 + ctx->uri.len + sizeof("/") - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1226 + base64.len + 2 * escape + sizeof(" HTTP/1.0" CRLF) - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1227 + sizeof("Host: ") - 1 + ctx->host.len + sizeof(CRLF) - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1228 + sizeof(CRLF) - 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1229
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1230 b = ngx_create_temp_buf(ctx->pool, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1231 if (b == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1232 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1233 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1234
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1235 p = b->last;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1236
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1237 p = ngx_cpymem(p, "GET ", sizeof("GET ") - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1238 p = ngx_cpymem(p, ctx->uri.data, ctx->uri.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1239
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1240 if (ctx->uri.data[ctx->uri.len - 1] != '/') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1241 *p++ = '/';
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1242 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1243
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1244 if (escape == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1245 p = ngx_cpymem(p, base64.data, base64.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1246
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1247 } else {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1248 p = (u_char *) ngx_escape_uri(p, base64.data, base64.len,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1249 NGX_ESCAPE_URI_COMPONENT);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1250 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1251
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1252 p = ngx_cpymem(p, " HTTP/1.0" CRLF, sizeof(" HTTP/1.0" CRLF) - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1253 p = ngx_cpymem(p, "Host: ", sizeof("Host: ") - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1254 p = ngx_cpymem(p, ctx->host.data, ctx->host.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1255 p++ = CR; p++ = LF;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1256
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1257 /* add "\r\n" at the header end */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1258 p++ = CR; p++ = LF;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1259
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1260 b->last = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1261 ctx->request = b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1262
5683 48c97d83ab7f OCSP stapling: missing OCSP request free call. Filipe da Silva <fdasilvayy@gmail.com> parents: 5477 diff changeset	1263 OCSP_REQUEST_free(ocsp);
48c97d83ab7f OCSP stapling: missing OCSP request free call. Filipe da Silva <fdasilvayy@gmail.com> parents: 5477 diff changeset	1264
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1265 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1266
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1267 failed:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1268
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1269 OCSP_REQUEST_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1270
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1271 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1272 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1273
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1274
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1275 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1276 ngx_ssl_ocsp_process_status_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1277 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1278 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1279
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1280 rc = ngx_ssl_ocsp_parse_status_line(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1281
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1282 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1283 #if 0
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1284 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1285 "ssl ocsp status line \"%*s\"",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1286 ctx->response->pos - ctx->response->start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1287 ctx->response->start);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1288 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1289
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1290 ctx->process = ngx_ssl_ocsp_process_headers;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1291 return ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1292 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1293
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1294 if (rc == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1295 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1296 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1297
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1298 /* rc == NGX_ERROR */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1299
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1300 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1301 "OCSP responder sent invalid response");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1302
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1303 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1304 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1305
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1306
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1307 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1308 ngx_ssl_ocsp_parse_status_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1309 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1310 u_char ch;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1311 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1312 ngx_buf_t *b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1313 enum {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1314 sw_start = 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1315 sw_H,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1316 sw_HT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1317 sw_HTT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1318 sw_HTTP,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1319 sw_first_major_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1320 sw_major_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1321 sw_first_minor_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1322 sw_minor_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1323 sw_status,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1324 sw_space_after_status,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1325 sw_status_text,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1326 sw_almost_done
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1327 } state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1328
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1329 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1330 "ssl ocsp process status line");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1331
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1332 state = ctx->state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1333 b = ctx->response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1334
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1335 for (p = b->pos; p < b->last; p++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1336 ch = *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1337
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1338 switch (state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1339
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1340 /* "HTTP/" */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1341 case sw_start:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1342 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1343 case 'H':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1344 state = sw_H;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1345 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1346 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1347 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1348 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1349 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1350
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1351 case sw_H:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1352 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1353 case 'T':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1354 state = sw_HT;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1355 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1356 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1357 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1358 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1359 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1360
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1361 case sw_HT:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1362 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1363 case 'T':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1364 state = sw_HTT;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1365 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1366 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1367 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1368 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1369 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1370
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1371 case sw_HTT:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1372 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1373 case 'P':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1374 state = sw_HTTP;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1375 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1376 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1377 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1378 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1379 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1380
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1381 case sw_HTTP:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1382 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1383 case '/':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1384 state = sw_first_major_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1385 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1386 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1387 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1388 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1389 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1390
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1391 /* the first digit of major HTTP version */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1392 case sw_first_major_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1393 if (ch < '1' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1394 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1395 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1396
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1397 state = sw_major_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1398 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1399
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1400 /* the major HTTP version or dot */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1401 case sw_major_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1402 if (ch == '.') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1403 state = sw_first_minor_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1404 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1405 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1406
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1407 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1408 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1409 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1410
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1411 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1412
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1413 /* the first digit of minor HTTP version */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1414 case sw_first_minor_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1415 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1416 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1417 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1418
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1419 state = sw_minor_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1420 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1421
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1422 /* the minor HTTP version or the end of the request line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1423 case sw_minor_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1424 if (ch == ' ') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1425 state = sw_status;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1426 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1427 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1428
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1429 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1430 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1431 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1432
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1433 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1434
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1435 /* HTTP status code */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1436 case sw_status:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1437 if (ch == ' ') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1438 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1439 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1440
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1441 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1442 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1443 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1444
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1445 ctx->code = ctx->code * 10 + ch - '0';
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1446
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1447 if (++ctx->count == 3) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1448 state = sw_space_after_status;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1449 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1450
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1451 break;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1452
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1453 /* space or end of line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1454 case sw_space_after_status:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1455 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1456 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1457 state = sw_status_text;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1458 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1459 case '.': /* IIS may send 403.1, 403.2, etc */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1460 state = sw_status_text;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1461 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1462 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1463 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1464 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1465 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1466 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1467 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1468 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1469 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1470 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1471
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1472 /* any text until end of line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1473 case sw_status_text:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1474 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1475 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1476 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1477 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1478 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1479 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1480 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1481 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1482
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1483 /* end of status line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1484 case sw_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1485 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1486 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1487 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1488 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1489 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1490 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1491 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1492 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1493
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1494 b->pos = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1495 ctx->state = state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1496
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1497 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1498
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1499 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1500
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1501 b->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1502 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1503
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1504 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1505 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1506
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1507
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1508 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1509 ngx_ssl_ocsp_process_headers(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1510 {
4876 1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1511 size_t len;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1512 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1513
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1514 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1515 "ssl ocsp process headers");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1516
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1517 for ( ;; ) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1518 rc = ngx_ssl_ocsp_parse_header_line(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1519
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1520 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1521
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1522 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1523 "ssl ocsp header \"%s: %s\"",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1524 ctx->header_name_end - ctx->header_name_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1525 ctx->header_name_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1526 ctx->header_end - ctx->header_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1527 ctx->header_start);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1528
4876 1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1529 len = ctx->header_name_end - ctx->header_name_start;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1530
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1531 if (len == sizeof("Content-Type") - 1
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1532 && ngx_strncasecmp(ctx->header_name_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1533 (u_char *) "Content-Type",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1534 sizeof("Content-Type") - 1)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1535 == 0)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1536 {
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1537 len = ctx->header_end - ctx->header_start;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1538
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1539 if (len != sizeof("application/ocsp-response") - 1
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1540 \|\| ngx_strncasecmp(ctx->header_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1541 (u_char *) "application/ocsp-response",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1542 sizeof("application/ocsp-response") - 1)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1543 != 0)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1544 {
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1545 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1546 "OCSP responder sent invalid "
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1547 "\"Content-Type\" header: \"%*s\"",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1548 ctx->header_end - ctx->header_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1549 ctx->header_start);
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1550 return NGX_ERROR;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1551 }
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1552
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1553 continue;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1554 }
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1555
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1556 /* TODO: honor Content-Length */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1557
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1558 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1559 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1560
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1561 if (rc == NGX_DONE) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1562 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1563 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1564
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1565 if (rc == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1566 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1567 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1568
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1569 /* rc == NGX_ERROR */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1570
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1571 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1572 "OCSP responder sent invalid response");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1573
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1574 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1575 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1576
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1577 ctx->process = ngx_ssl_ocsp_process_body;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1578 return ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1579 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1580
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1581 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1582 ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1583 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1584 u_char c, ch, *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1585 enum {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1586 sw_start = 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1587 sw_name,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1588 sw_space_before_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1589 sw_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1590 sw_space_after_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1591 sw_almost_done,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1592 sw_header_almost_done
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1593 } state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1594
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1595 state = ctx->state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1596
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1597 for (p = ctx->response->pos; p < ctx->response->last; p++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1598 ch = *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1599
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1600 #if 0
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1601 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1602 "s:%d in:'%02Xd:%c'", state, ch, ch);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1603 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1604
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1605 switch (state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1606
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1607 /* first char */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1608 case sw_start:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1609
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1610 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1611 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1612 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1613 state = sw_header_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1614 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1615 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1616 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1617 goto header_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1618 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1619 state = sw_name;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1620 ctx->header_name_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1621
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1622 c = (u_char) (ch \| 0x20);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1623 if (c >= 'a' && c <= 'z') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1624 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1625 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1626
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1627 if (ch >= '0' && ch <= '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1628 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1629 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1630
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1631 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1632 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1633 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1634
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1635 /* header name */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1636 case sw_name:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1637 c = (u_char) (ch \| 0x20);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1638 if (c >= 'a' && c <= 'z') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1639 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1640 }
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1641
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1642 if (ch == ':') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1643 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1644 state = sw_space_before_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1645 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1646 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1647
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1648 if (ch == '-') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1649 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1650 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1651
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1652 if (ch >= '0' && ch <= '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1653 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1654 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1655
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1656 if (ch == CR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1657 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1658 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1659 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1660 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1661 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1662 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1663
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1664 if (ch == LF) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1665 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1666 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1667 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1668 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1669 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1670
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1671 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1672
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1673 /* space* before header value */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1674 case sw_space_before_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1675 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1676 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1677 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1678 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1679 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1680 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1681 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1682 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1683 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1684 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1685 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1686 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1687 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1688 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1689 state = sw_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1690 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1691 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1692 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1693
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1694 /* header value */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1695 case sw_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1696 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1697 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1698 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1699 state = sw_space_after_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1700 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1701 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1702 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1703 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1704 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1705 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1706 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1707 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1708 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1709 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1710
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1711 /* space* before end of header line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1712 case sw_space_after_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1713 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1714 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1715 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1716 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1717 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1718 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1719 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1720 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1721 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1722 state = sw_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1723 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1724 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1725 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1726
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1727 /* end of header line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1728 case sw_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1729 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1730 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1731 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1732 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1733 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1734 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1735
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1736 /* end of header */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1737 case sw_header_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1738 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1739 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1740 goto header_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1741 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1742 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1743 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1744 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1745 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1746
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1747 ctx->response->pos = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1748 ctx->state = state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1749
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1750 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1751
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1752 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1753
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1754 ctx->response->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1755 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1756
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1757 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1758
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1759 header_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1760
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1761 ctx->response->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1762 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1763
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1764 return NGX_DONE;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1765 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1766
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1767
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1768 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1769 ngx_ssl_ocsp_process_body(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1770 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1771 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1772 "ssl ocsp process body");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1773
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1774 if (ctx->done) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1775 ctx->handler(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1776 return NGX_DONE;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1777 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1778
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1779 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1780 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1781
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1782
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1783 static u_char *
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1784 ngx_ssl_ocsp_log_error(ngx_log_t log, u_char buf, size_t len)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1785 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1786 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1787 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1788
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1789 p = buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1790
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1791 if (log->action) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1792 p = ngx_snprintf(buf, len, " while %s", log->action);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1793 len -= p - buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1794 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1795
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1796 ctx = log->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1797
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1798 if (ctx) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1799 p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1800 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1801
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1802 return p;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1803 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1804
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1805
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1806 #else
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1807
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1808
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1809 ngx_int_t
4880 0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1810 ngx_ssl_stapling(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file,
0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1811 ngx_str_t *responder, ngx_uint_t verify)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1812 {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1813 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1814 "\"ssl_stapling\" ignored, not supported");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1815
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1816 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1817 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1818
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1819 ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1820 ngx_ssl_stapling_resolver(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1821 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1822 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1823 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1824 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1825
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1826
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1827 #endif

Mercurial > hg > nginx

annotate src/event/ngx_event_openssl_stapling.c @ 6545:a873b4d9cd80