nginx: src/event/ngx_event_openssl

annotate src/event/ngx_event_openssl_stapling.c @ 6536:f7849bfb6d21

Improved EPOLLRDHUP handling. When it's known that the kernel supports EPOLLRDHUP, there is no need in additional recv() call to get EOF or error when the flag is absent in the event generated by the kernel. A special runtime test is done at startup to detect if EPOLLRDHUP is actually supported by the kernel because epoll_ctl() silently ignores unknown flags. With this knowledge it's now possible to drop the "ready" flag for partial read. Previously, the "ready" flag was kept until the recv() returned EOF or error. In particular, this change allows the lingering close heuristics (which relies on the "ready" flag state) to actually work on Linux, and not wait for more data in most cases. The "available" flag is now used in the read event with the semantics similar to the corresponding counter in kqueue.

author	Valentin Bartenev <vbart@nginx.com>
date	Fri, 13 May 2016 17:19:23 +0300
parents	45f2385a47e6
children	458e01ef46e6

rev	line source
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	2 /*
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	3 * Copyright (C) Maxim Dounin
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	4 * Copyright (C) Nginx, Inc.
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	5 */
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	6
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	7
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	8 #include <ngx_config.h>
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	9 #include <ngx_core.h>
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	10 #include <ngx_event.h>
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	11 #include <ngx_event_connect.h>
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	12
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	13
5777 4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP. Piotr Sikora <piotr@cloudflare.com> parents: 5683 diff changeset	14 #if (!defined OPENSSL_NO_OCSP && defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	15
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	16
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	17 typedef struct {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	18 ngx_str_t staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	19 ngx_msec_t timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	20
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	21 ngx_resolver_t *resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	22 ngx_msec_t resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	23
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	24 ngx_addr_t *addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	25 ngx_str_t host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	26 ngx_str_t uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	27 in_port_t port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	28
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	29 SSL_CTX *ssl_ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	30
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	31 X509 *cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	32 X509 *issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	33
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	34 time_t valid;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	35 time_t refresh;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	36
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	37 unsigned verify:1;
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	38 unsigned loading:1;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	39 } ngx_ssl_stapling_t;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	40
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	41
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	42 typedef struct ngx_ssl_ocsp_ctx_s ngx_ssl_ocsp_ctx_t;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	43
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	44 struct ngx_ssl_ocsp_ctx_s {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	45 X509 *cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	46 X509 *issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	47
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	48 ngx_uint_t naddrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	49
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	50 ngx_addr_t *addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	51 ngx_str_t host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	52 ngx_str_t uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	53 in_port_t port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	54
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	55 ngx_resolver_t *resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	56 ngx_msec_t resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	57
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	58 ngx_msec_t timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	59
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	60 void (handler)(ngx_ssl_ocsp_ctx_t r);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	61 void *data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	62
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	63 ngx_buf_t *request;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	64 ngx_buf_t *response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	65 ngx_peer_connection_t peer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	66
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	67 ngx_int_t (process)(ngx_ssl_ocsp_ctx_t r);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	68
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	69 ngx_uint_t state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	70
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	71 ngx_uint_t code;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	72 ngx_uint_t count;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	73
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	74 ngx_uint_t done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	75
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	76 u_char *header_name_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	77 u_char *header_name_end;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	78 u_char *header_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	79 u_char *header_end;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	80
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	81 ngx_pool_t *pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	82 ngx_log_t *log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	83 };
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	84
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	85
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	86 static ngx_int_t ngx_ssl_stapling_file(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	87 ngx_str_t *file);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	88 static ngx_int_t ngx_ssl_stapling_issuer(ngx_conf_t cf, ngx_ssl_t ssl);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	89 static ngx_int_t ngx_ssl_stapling_responder(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	90 ngx_str_t *responder);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	91
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	92 static int ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	93 void *data);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	94 static void ngx_ssl_stapling_update(ngx_ssl_stapling_t *staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	95 static void ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	96
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	97 static time_t ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	98
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	99 static void ngx_ssl_stapling_cleanup(void *data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	100
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	101 static ngx_ssl_ocsp_ctx_t *ngx_ssl_ocsp_start(void);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	102 static void ngx_ssl_ocsp_done(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	103 static void ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	104 static void ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	105 static void ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	106 static void ngx_ssl_ocsp_write_handler(ngx_event_t *wev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	107 static void ngx_ssl_ocsp_read_handler(ngx_event_t *rev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	108 static void ngx_ssl_ocsp_dummy_handler(ngx_event_t *ev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	109
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	110 static ngx_int_t ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	111 static ngx_int_t ngx_ssl_ocsp_process_status_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	112 static ngx_int_t ngx_ssl_ocsp_parse_status_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	113 static ngx_int_t ngx_ssl_ocsp_process_headers(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	114 static ngx_int_t ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	115 static ngx_int_t ngx_ssl_ocsp_process_body(ngx_ssl_ocsp_ctx_t *ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	116
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	117 static u_char ngx_ssl_ocsp_log_error(ngx_log_t log, u_char *buf, size_t len);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	118
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	119
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	120 ngx_int_t
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	121 ngx_ssl_stapling(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	122 ngx_str_t *responder, ngx_uint_t verify)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	123 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	124 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	125 ngx_pool_cleanup_t *cln;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	126 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	127
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	128 staple = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_stapling_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	129 if (staple == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	130 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	131 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	132
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	133 cln = ngx_pool_cleanup_add(cf->pool, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	134 if (cln == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	135 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	136 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	137
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	138 cln->handler = ngx_ssl_stapling_cleanup;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	139 cln->data = staple;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	140
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	141 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_stapling_index, staple)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	142 == 0)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	143 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	144 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	145 "SSL_CTX_set_ex_data() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	146 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	147 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	148
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	149 staple->ssl_ctx = ssl->ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	150 staple->timeout = 60000;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	151 staple->verify = verify;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	152
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	153 if (file->len) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	154 /* use OCSP response from the file */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	155
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	156 if (ngx_ssl_stapling_file(cf, ssl, file) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	157 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	158 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	159
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	160 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	161 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	162
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	163 rc = ngx_ssl_stapling_issuer(cf, ssl);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	164
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	165 if (rc == NGX_DECLINED) {
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	166 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	167 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	168
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	169 if (rc != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	170 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	171 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	172
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	173 rc = ngx_ssl_stapling_responder(cf, ssl, responder);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	174
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	175 if (rc == NGX_DECLINED) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	176 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	177 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	178
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	179 if (rc != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	180 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	181 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	182
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	183 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	184
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	185 SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	186 SSL_CTX_set_tlsext_status_arg(ssl->ctx, staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	187
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	188 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	189 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	190
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	191
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	192 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	193 ngx_ssl_stapling_file(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	194 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	195 BIO *bio;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	196 int len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	197 u_char p, buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	198 OCSP_RESPONSE *response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	199 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	200
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	201 staple = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_stapling_index);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	202
5330 314c3d7cc3a5 Backed out f1a91825730a and 7094bd12c1ff. Maxim Dounin <mdounin@mdounin.ru> parents: 5317 diff changeset	203 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	204 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	205 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	206
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	207 bio = BIO_new_file((char *) file->data, "r");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	208 if (bio == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	209 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	210 "BIO_new_file(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	211 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	212 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	213
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	214 response = d2i_OCSP_RESPONSE_bio(bio, NULL);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	215 if (response == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	216 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	217 "d2i_OCSP_RESPONSE_bio(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	218 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	219 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	220 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	221
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	222 len = i2d_OCSP_RESPONSE(response, NULL);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	223 if (len <= 0) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	224 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	225 "i2d_OCSP_RESPONSE(\"%s\") failed", file->data);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	226 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	227 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	228
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	229 buf = ngx_alloc(len, ssl->log);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	230 if (buf == NULL) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	231 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	232 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	233
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	234 p = buf;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	235 len = i2d_OCSP_RESPONSE(response, &p);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	236 if (len <= 0) {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	237 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	238 "i2d_OCSP_RESPONSE(\"%s\") failed", file->data);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	239 ngx_free(buf);
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	240 goto failed;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	241 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	242
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	243 OCSP_RESPONSE_free(response);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	244 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	245
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	246 staple->staple.data = buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	247 staple->staple.len = len;
6205 dcae651b2a0c OCSP stapling: fixed ssl_stapling_file (ticket #769). Maxim Dounin <mdounin@mdounin.ru> parents: 6181 diff changeset	248 staple->valid = NGX_MAX_TIME_T_VALUE;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	249
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	250 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	251
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	252 failed:
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	253
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	254 OCSP_RESPONSE_free(response);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	255 BIO_free(bio);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	256
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	257 return NGX_ERROR;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	258 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	259
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	260
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	261 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	262 ngx_ssl_stapling_issuer(ngx_conf_t cf, ngx_ssl_t ssl)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	263 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	264 int i, n, rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	265 X509 cert, issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	266 X509_STORE *store;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	267 X509_STORE_CTX *store_ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	268 STACK_OF(X509) *chain;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	269 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	270
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	271 staple = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_stapling_index);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	272 cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	273
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	274 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	275 SSL_CTX_get_extra_chain_certs(ssl->ctx, &chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	276 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	277 chain = ssl->ctx->extra_certs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	278 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	279
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	280 n = sk_X509_num(chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	281
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	282 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	283 "SSL get issuer: %d extra certs", n);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	284
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	285 for (i = 0; i < n; i++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	286 issuer = sk_X509_value(chain, i);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	287 if (X509_check_issued(issuer, cert) == X509_V_OK) {
6491 45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	288 #if OPENSSL_VERSION_NUMBER >= 0x10100001L
45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	289 X509_up_ref(issuer);
45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	290 #else
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	291 CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
6491 45f2385a47e6 SSL: X509 was made opaque in OpenSSL 1.1.0. Sergey Kandaurov <pluknet@nginx.com> parents: 6480 diff changeset	292 #endif
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	293
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	294 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	295 "SSL get issuer: found %p in extra certs", issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	296
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	297 staple->cert = cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	298 staple->issuer = issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	299
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	300 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	301 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	302 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	303
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	304 store = SSL_CTX_get_cert_store(ssl->ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	305 if (store == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	306 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	307 "SSL_CTX_get_cert_store() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	308 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	309 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	310
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	311 store_ctx = X509_STORE_CTX_new();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	312 if (store_ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	313 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	314 "X509_STORE_CTX_new() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	315 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	316 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	317
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	318 if (X509_STORE_CTX_init(store_ctx, store, NULL, NULL) == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	319 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	320 "X509_STORE_CTX_init() failed");
6064 ff957cd36860 OCSP stapling: missing free calls. Filipe da Silva <fdasilva@ingima.com> parents: 5777 diff changeset	321 X509_STORE_CTX_free(store_ctx);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	322 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	323 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	324
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	325 rc = X509_STORE_CTX_get1_issuer(&issuer, store_ctx, cert);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	326
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	327 if (rc == -1) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	328 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	329 "X509_STORE_CTX_get1_issuer() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	330 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	331 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	332 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	333
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	334 if (rc == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	335 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	336 "\"ssl_stapling\" ignored, issuer certificate not found");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	337 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	338 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	339 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	340
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	341 X509_STORE_CTX_free(store_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	342
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	343 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	344 "SSL get issuer: found %p in cert store", issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	345
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	346 staple->cert = cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	347 staple->issuer = issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	348
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	349 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	350 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	351
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	352
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	353 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	354 ngx_ssl_stapling_responder(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *responder)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	355 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	356 ngx_url_t u;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	357 char *s;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	358 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	359 STACK_OF(OPENSSL_STRING) *aia;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	360
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	361 staple = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_stapling_index);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	362
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	363 if (responder->len == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	364
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	365 /* extract OCSP responder URL from certificate */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	366
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	367 aia = X509_get1_ocsp(staple->cert);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	368 if (aia == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	369 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	370 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	371 "no OCSP responder URL in the certificate");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	372 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	373 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	374
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	375 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	376 s = sk_OPENSSL_STRING_value(aia, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	377 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	378 s = sk_value(aia, 0);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	379 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	380 if (s == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	381 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	382 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	383 "no OCSP responder URL in the certificate");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	384 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	385 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	386 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	387
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	388 responder->len = ngx_strlen(s);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	389 responder->data = ngx_palloc(cf->pool, responder->len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	390 if (responder->data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	391 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	392 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	393 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	394
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	395 ngx_memcpy(responder->data, s, responder->len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	396 X509_email_free(aia);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	397 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	398
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	399 ngx_memzero(&u, sizeof(ngx_url_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	400
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	401 u.url = *responder;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	402 u.default_port = 80;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	403 u.uri_part = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	404
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	405 if (u.url.len > 7
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	406 && ngx_strncasecmp(u.url.data, (u_char *) "http://", 7) == 0)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	407 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	408 u.url.len -= 7;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	409 u.url.data += 7;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	410
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	411 } else {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	412 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	413 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	414 "invalid URL prefix in OCSP responder \"%V\"", &u.url);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	415 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	416 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	417
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	418 if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	419 if (u.err) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	420 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	421 "\"ssl_stapling\" ignored, "
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	422 "%s in OCSP responder \"%V\"", u.err, &u.url);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	423 return NGX_DECLINED;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	424 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	425
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	426 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	427 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	428
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	429 staple->addrs = u.addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	430 staple->host = u.host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	431 staple->uri = u.uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	432 staple->port = u.port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	433
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	434 if (staple->uri.len == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	435 ngx_str_set(&staple->uri, "/");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	436 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	437
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	438 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	439 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	440
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	441
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	442 ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	443 ngx_ssl_stapling_resolver(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	444 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	445 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	446 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	447
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	448 staple = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_stapling_index);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	449
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	450 staple->resolver = resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	451 staple->resolver_timeout = resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	452
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	453 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	454 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	455
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	456
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	457 static int
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	458 ngx_ssl_certificate_status_callback(ngx_ssl_conn_t ssl_conn, void data)
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	459 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	460 int rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	461 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	462 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	463 ngx_ssl_stapling_t *staple;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	464
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	465 c = ngx_ssl_get_connection(ssl_conn);
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	466
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	467 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	468 "SSL certificate status callback");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	469
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	470 staple = data;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	471 rc = SSL_TLSEXT_ERR_NOACK;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	472
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	473 if (staple->staple.len
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	474 && staple->valid >= ngx_time())
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	475 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	476 /* we have to copy ocsp response as OpenSSL will free it by itself */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	477
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	478 p = OPENSSL_malloc(staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	479 if (p == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	480 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "OPENSSL_malloc() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	481 return SSL_TLSEXT_ERR_NOACK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	482 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	483
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	484 ngx_memcpy(p, staple->staple.data, staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	485
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	486 SSL_set_tlsext_status_ocsp_resp(ssl_conn, p, staple->staple.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	487
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	488 rc = SSL_TLSEXT_ERR_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	489 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	490
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	491 ngx_ssl_stapling_update(staple);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	492
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	493 return rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	494 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	495
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	496
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	497 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	498 ngx_ssl_stapling_update(ngx_ssl_stapling_t *staple)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	499 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	500 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	501
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	502 if (staple->host.len == 0
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	503 \|\| staple->loading \|\| staple->refresh >= ngx_time())
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	504 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	505 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	506 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	507
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	508 staple->loading = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	509
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	510 ctx = ngx_ssl_ocsp_start();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	511 if (ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	512 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	513 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	514
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	515 ctx->cert = staple->cert;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	516 ctx->issuer = staple->issuer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	517
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	518 ctx->addrs = staple->addrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	519 ctx->host = staple->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	520 ctx->uri = staple->uri;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	521 ctx->port = staple->port;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	522 ctx->timeout = staple->timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	523
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	524 ctx->resolver = staple->resolver;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	525 ctx->resolver_timeout = staple->resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	526
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	527 ctx->handler = ngx_ssl_stapling_ocsp_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	528 ctx->data = staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	529
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	530 ngx_ssl_ocsp_request(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	531
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	532 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	533 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	534
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	535
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	536 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	537 ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	538 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	539 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	540 const
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	541 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	542 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	543 int n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	544 size_t len;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	545 time_t now, valid;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	546 ngx_str_t response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	547 X509_STORE *store;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	548 STACK_OF(X509) *chain;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	549 OCSP_CERTID *id;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	550 OCSP_RESPONSE *ocsp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	551 OCSP_BASICRESP *basic;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	552 ngx_ssl_stapling_t *staple;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	553 ASN1_GENERALIZEDTIME thisupdate, nextupdate;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	554
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	555 staple = ctx->data;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	556 now = ngx_time();
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	557 ocsp = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	558 basic = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	559 id = NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	560
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	561 if (ctx->code != 200) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	562 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	563 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	564
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	565 /* check the response */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	566
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	567 len = ctx->response->last - ctx->response->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	568 p = ctx->response->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	569
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	570 ocsp = d2i_OCSP_RESPONSE(NULL, &p, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	571 if (ocsp == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	572 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	573 "d2i_OCSP_RESPONSE() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	574 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	575 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	576
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	577 n = OCSP_response_status(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	578
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	579 if (n != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	580 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	581 "OCSP response not successful (%d: %s)",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	582 n, OCSP_response_status_str(n));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	583 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	584 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	585
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	586 basic = OCSP_response_get1_basic(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	587 if (basic == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	588 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	589 "OCSP_response_get1_basic() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	590 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	591 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	592
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	593 store = SSL_CTX_get_cert_store(staple->ssl_ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	594 if (store == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	595 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	596 "SSL_CTX_get_cert_store() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	597 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	598 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	599
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	600 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	601 SSL_CTX_get_extra_chain_certs(staple->ssl_ctx, &chain);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	602 #else
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	603 chain = staple->ssl_ctx->extra_certs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	604 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	605
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	606 if (OCSP_basic_verify(basic, chain, store,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	607 staple->verify ? OCSP_TRUSTOTHER : OCSP_NOVERIFY)
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	608 != 1)
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4878 diff changeset	609 {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	610 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	611 "OCSP_basic_verify() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	612 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	613 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	614
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	615 id = OCSP_cert_to_id(NULL, ctx->cert, ctx->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	616 if (id == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	617 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	618 "OCSP_cert_to_id() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	619 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	620 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	621
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	622 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	623 &thisupdate, &nextupdate)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	624 != 1)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	625 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	626 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
5215 cfab1e7e4ac2 OCSP stapling: fix error logging of successful OCSP responses. Piotr Sikora <piotr@cloudflare.com> parents: 4880 diff changeset	627 "certificate status not found in the OCSP response");
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	628 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	629 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	630
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	631 if (n != V_OCSP_CERTSTATUS_GOOD) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	632 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	633 "certificate status \"%s\" in the OCSP response",
5215 cfab1e7e4ac2 OCSP stapling: fix error logging of successful OCSP responses. Piotr Sikora <piotr@cloudflare.com> parents: 4880 diff changeset	634 OCSP_cert_status_str(n));
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	635 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	636 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	637
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	638 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	639 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	640 "OCSP_check_validity() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	641 goto error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	642 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	643
6206 595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	644 if (nextupdate) {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	645 valid = ngx_ssl_stapling_time(nextupdate);
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	646 if (valid == (time_t) NGX_ERROR) {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	647 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	648 "invalid nextUpdate time in certificate status");
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	649 goto error;
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	650 }
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	651
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	652 } else {
595b179e429f OCSP stapling: fixed segfault without nextUpdate. Maxim Dounin <mdounin@mdounin.ru> parents: 6205 diff changeset	653 valid = NGX_MAX_TIME_T_VALUE;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	654 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	655
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	656 OCSP_CERTID_free(id);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	657 OCSP_BASICRESP_free(basic);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	658 OCSP_RESPONSE_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	659
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	660 id = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	661 basic = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	662 ocsp = NULL;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	663
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	664 /* copy the response to memory not in ctx->pool */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	665
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	666 response.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	667 response.data = ngx_alloc(response.len, ctx->log);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	668
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	669 if (response.data == NULL) {
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	670 goto error;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	671 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	672
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	673 ngx_memcpy(response.data, ctx->response->pos, response.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	674
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	675 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	676 "ssl ocsp response, %s, %uz",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	677 OCSP_cert_status_str(n), response.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	678
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	679 if (staple->staple.data) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	680 ngx_free(staple->staple.data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	681 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	682
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	683 staple->staple = response;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	684 staple->valid = valid;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	685
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	686 /*
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	687 * refresh before the response expires,
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	688 * but not earlier than in 5 minutes, and at least in an hour
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	689 */
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	690
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	691 staple->loading = 0;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	692 staple->refresh = ngx_max(ngx_min(valid - 300, now + 3600), now + 300);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	693
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	694 ngx_ssl_ocsp_done(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	695 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	696
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	697 error:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	698
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	699 staple->loading = 0;
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	700 staple->refresh = now + 300;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	701
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	702 if (id) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	703 OCSP_CERTID_free(id);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	704 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	705
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	706 if (basic) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	707 OCSP_BASICRESP_free(basic);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	708 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	709
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	710 if (ocsp) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	711 OCSP_RESPONSE_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	712 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	713
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	714 ngx_ssl_ocsp_done(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	715 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	716
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	717
6181 6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	718 static time_t
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	719 ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time)
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	720 {
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	721 u_char *value;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	722 size_t len;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	723 time_t time;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	724 BIO *bio;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	725
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	726 /*
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	727 * OpenSSL doesn't provide a way to convert ASN1_GENERALIZEDTIME
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	728 * into time_t. To do this, we use ASN1_GENERALIZEDTIME_print(),
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	729 * which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g.,
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	730 * "Feb 3 00:55:52 2015 GMT"), and parse the result.
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	731 */
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	732
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	733 bio = BIO_new(BIO_s_mem());
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	734 if (bio == NULL) {
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	735 return NGX_ERROR;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	736 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	737
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	738 /* fake weekday prepended to match C asctime() format */
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	739
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	740 BIO_write(bio, "Tue ", sizeof("Tue ") - 1);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	741 ASN1_GENERALIZEDTIME_print(bio, asn1time);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	742 len = BIO_get_mem_data(bio, &value);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	743
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	744 time = ngx_parse_http_time(value, len);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	745
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	746 BIO_free(bio);
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	747
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	748 return time;
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	749 }
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	750
6893a1007a7c OCSP stapling: avoid sending expired responses (ticket #425). Maxim Dounin <mdounin@mdounin.ru> parents: 6064 diff changeset	751
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	752 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	753 ngx_ssl_stapling_cleanup(void *data)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	754 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	755 ngx_ssl_stapling_t *staple = data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	756
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	757 if (staple->issuer) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	758 X509_free(staple->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	759 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	760
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	761 if (staple->staple.data) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	762 ngx_free(staple->staple.data);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	763 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	764 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	765
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	766
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	767 static ngx_ssl_ocsp_ctx_t *
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	768 ngx_ssl_ocsp_start(void)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	769 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	770 ngx_log_t *log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	771 ngx_pool_t *pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	772 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	773
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	774 pool = ngx_create_pool(2048, ngx_cycle->log);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	775 if (pool == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	776 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	777 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	778
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	779 ctx = ngx_pcalloc(pool, sizeof(ngx_ssl_ocsp_ctx_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	780 if (ctx == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	781 ngx_destroy_pool(pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	782 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	783 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	784
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	785 log = ngx_palloc(pool, sizeof(ngx_log_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	786 if (log == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	787 ngx_destroy_pool(pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	788 return NULL;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	789 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	790
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	791 ctx->pool = pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	792
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	793 log = ctx->pool->log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	794
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	795 ctx->pool->log = log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	796 ctx->log = log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	797
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	798 log->handler = ngx_ssl_ocsp_log_error;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	799 log->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	800 log->action = "requesting certificate status";
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	801
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	802 return ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	803 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	804
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	805
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	806 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	807 ngx_ssl_ocsp_done(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	808 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	809 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	810 "ssl ocsp done");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	811
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	812 if (ctx->peer.connection) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	813 ngx_close_connection(ctx->peer.connection);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	814 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	815
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	816 ngx_destroy_pool(ctx->pool);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	817 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	818
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	819
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	820 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	821 ngx_ssl_ocsp_error(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	822 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	823 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	824 "ssl ocsp error");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	825
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	826 ctx->code = 0;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	827 ctx->handler(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	828 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	829
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	830
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	831 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	832 ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	833 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	834 ngx_resolver_ctx_t *resolve, temp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	835
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	836 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	837 "ssl ocsp request");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	838
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	839 if (ngx_ssl_ocsp_create_request(ctx) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	840 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	841 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	842 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	843
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	844 if (ctx->resolver) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	845 /* resolve OCSP responder hostname */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	846
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	847 temp.name = ctx->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	848
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	849 resolve = ngx_resolve_start(ctx->resolver, &temp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	850 if (resolve == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	851 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	852 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	853 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	854
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	855 if (resolve == NGX_NO_RESOLVER) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	856 ngx_log_error(NGX_LOG_WARN, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	857 "no resolver defined to resolve %V", &ctx->host);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	858 goto connect;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	859 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	860
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	861 resolve->name = ctx->host;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	862 resolve->handler = ngx_ssl_ocsp_resolve_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	863 resolve->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	864 resolve->timeout = ctx->resolver_timeout;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	865
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	866 if (ngx_resolve_name(resolve) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	867 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	868 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	869 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	870
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	871 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	872 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	873
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	874 connect:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	875
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	876 ngx_ssl_ocsp_connect(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	877 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	878
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	879
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	880 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	881 ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	882 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	883 ngx_ssl_ocsp_ctx_t *ctx = resolve->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	884
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	885 u_char *p;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	886 size_t len;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	887 in_port_t port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	888 socklen_t socklen;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	889 ngx_uint_t i;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	890 struct sockaddr *sockaddr;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	891
5234 a855ae7e6377 OCSP stapling: fixed incorrect debug level. Ruslan Ermilov <ru@nginx.com> parents: 5215 diff changeset	892 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	893 "ssl ocsp resolve handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	894
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	895 if (resolve->state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	896 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	897 "%V could not be resolved (%i: %s)",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	898 &resolve->name, resolve->state,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	899 ngx_resolver_strerror(resolve->state));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	900 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	901 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	902
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	903 #if (NGX_DEBUG)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	904 {
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	905 u_char text[NGX_SOCKADDR_STRLEN];
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	906 ngx_str_t addr;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	907
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	908 addr.data = text;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	909
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	910 for (i = 0; i < resolve->naddrs; i++) {
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	911 addr.len = ngx_sock_ntop(resolve->addrs[i].sockaddr,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	912 resolve->addrs[i].socklen,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	913 text, NGX_SOCKADDR_STRLEN, 0);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	914
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	915 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	916 "name was resolved to %V", &addr);
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	917
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	918 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	919 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	920 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	921
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	922 ctx->naddrs = resolve->naddrs;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	923 ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	924
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	925 if (ctx->addrs == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	926 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	927 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	928
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	929 port = htons(ctx->port);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	930
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	931 for (i = 0; i < resolve->naddrs; i++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	932
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	933 socklen = resolve->addrs[i].socklen;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	934
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	935 sockaddr = ngx_palloc(ctx->pool, socklen);
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	936 if (sockaddr == NULL) {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	937 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	938 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	939
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	940 ngx_memcpy(sockaddr, resolve->addrs[i].sockaddr, socklen);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	941
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	942 switch (sockaddr->sa_family) {
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	943 #if (NGX_HAVE_INET6)
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	944 case AF_INET6:
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	945 ((struct sockaddr_in6 *) sockaddr)->sin6_port = port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	946 break;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	947 #endif
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	948 default: /* AF_INET */
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	949 ((struct sockaddr_in *) sockaddr)->sin_port = port;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	950 }
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	951
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	952 ctx->addrs[i].sockaddr = sockaddr;
07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	953 ctx->addrs[i].socklen = socklen;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	954
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	955 p = ngx_pnalloc(ctx->pool, NGX_SOCKADDR_STRLEN);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	956 if (p == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	957 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	958 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	959
5475 07dd5bd222ac Changed resolver API to use ngx_addr_t. Ruslan Ermilov <ru@nginx.com> parents: 5330 diff changeset	960 len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	961
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	962 ctx->addrs[i].name.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	963 ctx->addrs[i].name.data = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	964 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	965
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	966 ngx_resolve_name_done(resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	967
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	968 ngx_ssl_ocsp_connect(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	969 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	970
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	971 failed:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	972
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	973 ngx_resolve_name_done(resolve);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	974 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	975 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	976
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	977
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	978 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	979 ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	980 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	981 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	982
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	983 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	984 "ssl ocsp connect");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	985
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	986 /* TODO: use all ip addresses */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	987
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	988 ctx->peer.sockaddr = ctx->addrs[0].sockaddr;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	989 ctx->peer.socklen = ctx->addrs[0].socklen;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	990 ctx->peer.name = &ctx->addrs[0].name;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	991 ctx->peer.get = ngx_event_get_peer;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	992 ctx->peer.log = ctx->log;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	993 ctx->peer.log_error = NGX_ERROR_ERR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	994
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	995 rc = ngx_event_connect_peer(&ctx->peer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	996
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	997 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	998 "ssl ocsp connect peer done");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	999
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1000 if (rc == NGX_ERROR \|\| rc == NGX_BUSY \|\| rc == NGX_DECLINED) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1001 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1002 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1003 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1004
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1005 ctx->peer.connection->data = ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1006 ctx->peer.connection->pool = ctx->pool;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1007
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1008 ctx->peer.connection->read->handler = ngx_ssl_ocsp_read_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1009 ctx->peer.connection->write->handler = ngx_ssl_ocsp_write_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1010
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1011 ctx->process = ngx_ssl_ocsp_process_status_line;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1012
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1013 ngx_add_timer(ctx->peer.connection->read, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1014 ngx_add_timer(ctx->peer.connection->write, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1015
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1016 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1017 ngx_ssl_ocsp_write_handler(ctx->peer.connection->write);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1018 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1019 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1020 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1021
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1022
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1023 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1024 ngx_ssl_ocsp_write_handler(ngx_event_t *wev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1025 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1026 ssize_t n, size;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1027 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1028 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1029
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1030 c = wev->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1031 ctx = c->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1032
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1033 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, wev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1034 "ssl ocsp write handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1035
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1036 if (wev->timedout) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1037 ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1038 "OCSP responder timed out");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1039 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1040 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1041 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1042
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1043 size = ctx->request->last - ctx->request->pos;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1044
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1045 n = ngx_send(c, ctx->request->pos, size);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1046
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1047 if (n == NGX_ERROR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1048 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1049 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1050 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1051
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1052 if (n > 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1053 ctx->request->pos += n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1054
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1055 if (n == size) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1056 wev->handler = ngx_ssl_ocsp_dummy_handler;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1057
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1058 if (wev->timer_set) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1059 ngx_del_timer(wev);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1060 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1061
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1062 if (ngx_handle_write_event(wev, 0) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1063 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1064 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1065
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1066 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1067 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1068 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1069
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1070 if (!wev->timer_set) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1071 ngx_add_timer(wev, ctx->timeout);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1072 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1073 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1074
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1075
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1076 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1077 ngx_ssl_ocsp_read_handler(ngx_event_t *rev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1078 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1079 ssize_t n, size;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1080 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1081 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1082 ngx_connection_t *c;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1083
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1084 c = rev->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1085 ctx = c->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1086
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1087 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1088 "ssl ocsp read handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1089
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1090 if (rev->timedout) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1091 ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1092 "OCSP responder timed out");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1093 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1094 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1095 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1096
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1097 if (ctx->response == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1098 ctx->response = ngx_create_temp_buf(ctx->pool, 16384);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1099 if (ctx->response == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1100 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1101 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1102 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1103 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1104
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1105 for ( ;; ) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1106
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1107 size = ctx->response->end - ctx->response->last;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1108
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1109 n = ngx_recv(c, ctx->response->last, size);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1110
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1111 if (n > 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1112 ctx->response->last += n;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1113
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1114 rc = ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1115
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1116 if (rc == NGX_ERROR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1117 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1118 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1119 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1120
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1121 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1122 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1123
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1124 if (n == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1125
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1126 if (ngx_handle_read_event(rev, 0) != NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1127 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1128 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1129
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1130 return;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1131 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1132
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1133 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1134 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1135
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1136 ctx->done = 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1137
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1138 rc = ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1139
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1140 if (rc == NGX_DONE) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1141 /* ctx->handler() was called */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1142 return;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1143 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1144
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1145 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1146 "OCSP responder prematurely closed connection");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1147
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1148 ngx_ssl_ocsp_error(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1149 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1150
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1151
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1152 static void
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1153 ngx_ssl_ocsp_dummy_handler(ngx_event_t *ev)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1154 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1155 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1156 "ssl ocsp dummy handler");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1157 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1158
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1159
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1160 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1161 ngx_ssl_ocsp_create_request(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1162 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1163 int len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1164 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1165 uintptr_t escape;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1166 ngx_str_t binary, base64;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1167 ngx_buf_t *b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1168 OCSP_CERTID *id;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1169 OCSP_REQUEST *ocsp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1170
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1171 ocsp = OCSP_REQUEST_new();
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1172 if (ocsp == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1173 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1174 "OCSP_REQUEST_new() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1175 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1176 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1177
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1178 id = OCSP_cert_to_id(NULL, ctx->cert, ctx->issuer);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1179 if (id == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1180 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1181 "OCSP_cert_to_id() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1182 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1183 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1184
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1185 if (OCSP_request_add0_id(ocsp, id) == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1186 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1187 "OCSP_request_add0_id() failed");
6064 ff957cd36860 OCSP stapling: missing free calls. Filipe da Silva <fdasilva@ingima.com> parents: 5777 diff changeset	1188 OCSP_CERTID_free(id);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1189 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1190 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1191
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1192 len = i2d_OCSP_REQUEST(ocsp, NULL);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1193 if (len <= 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1194 ngx_ssl_error(NGX_LOG_CRIT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1195 "i2d_OCSP_REQUEST() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1196 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1197 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1198
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1199 binary.len = len;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1200 binary.data = ngx_palloc(ctx->pool, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1201 if (binary.data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1202 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1203 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1204
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1205 p = binary.data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1206 len = i2d_OCSP_REQUEST(ocsp, &p);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1207 if (len <= 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1208 ngx_ssl_error(NGX_LOG_EMERG, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1209 "i2d_OCSP_REQUEST() failed");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1210 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1211 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1212
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1213 base64.len = ngx_base64_encoded_length(binary.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1214 base64.data = ngx_palloc(ctx->pool, base64.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1215 if (base64.data == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1216 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1217 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1218
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1219 ngx_encode_base64(&base64, &binary);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1220
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1221 escape = ngx_escape_uri(NULL, base64.data, base64.len,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1222 NGX_ESCAPE_URI_COMPONENT);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1223
4880 0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1224 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1225 "ssl ocsp request length %z, escape %d",
6480 f01ab2dbcfdc Fixed logging. Sergey Kandaurov <pluknet@nginx.com> parents: 6206 diff changeset	1226 base64.len, (int) escape);
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1227
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1228 len = sizeof("GET ") - 1 + ctx->uri.len + sizeof("/") - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1229 + base64.len + 2 * escape + sizeof(" HTTP/1.0" CRLF) - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1230 + sizeof("Host: ") - 1 + ctx->host.len + sizeof(CRLF) - 1
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1231 + sizeof(CRLF) - 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1232
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1233 b = ngx_create_temp_buf(ctx->pool, len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1234 if (b == NULL) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1235 goto failed;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1236 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1237
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1238 p = b->last;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1239
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1240 p = ngx_cpymem(p, "GET ", sizeof("GET ") - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1241 p = ngx_cpymem(p, ctx->uri.data, ctx->uri.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1242
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1243 if (ctx->uri.data[ctx->uri.len - 1] != '/') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1244 *p++ = '/';
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1245 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1246
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1247 if (escape == 0) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1248 p = ngx_cpymem(p, base64.data, base64.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1249
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1250 } else {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1251 p = (u_char *) ngx_escape_uri(p, base64.data, base64.len,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1252 NGX_ESCAPE_URI_COMPONENT);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1253 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1254
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1255 p = ngx_cpymem(p, " HTTP/1.0" CRLF, sizeof(" HTTP/1.0" CRLF) - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1256 p = ngx_cpymem(p, "Host: ", sizeof("Host: ") - 1);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1257 p = ngx_cpymem(p, ctx->host.data, ctx->host.len);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1258 p++ = CR; p++ = LF;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1259
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1260 /* add "\r\n" at the header end */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1261 p++ = CR; p++ = LF;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1262
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1263 b->last = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1264 ctx->request = b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1265
5683 48c97d83ab7f OCSP stapling: missing OCSP request free call. Filipe da Silva <fdasilvayy@gmail.com> parents: 5477 diff changeset	1266 OCSP_REQUEST_free(ocsp);
48c97d83ab7f OCSP stapling: missing OCSP request free call. Filipe da Silva <fdasilvayy@gmail.com> parents: 5477 diff changeset	1267
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1268 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1269
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1270 failed:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1271
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1272 OCSP_REQUEST_free(ocsp);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1273
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1274 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1275 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1276
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1277
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1278 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1279 ngx_ssl_ocsp_process_status_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1280 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1281 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1282
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1283 rc = ngx_ssl_ocsp_parse_status_line(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1284
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1285 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1286 #if 0
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1287 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1288 "ssl ocsp status line \"%*s\"",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1289 ctx->response->pos - ctx->response->start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1290 ctx->response->start);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1291 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1292
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1293 ctx->process = ngx_ssl_ocsp_process_headers;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1294 return ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1295 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1296
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1297 if (rc == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1298 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1299 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1300
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1301 /* rc == NGX_ERROR */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1302
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1303 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1304 "OCSP responder sent invalid response");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1305
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1306 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1307 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1308
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1309
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1310 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1311 ngx_ssl_ocsp_parse_status_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1312 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1313 u_char ch;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1314 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1315 ngx_buf_t *b;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1316 enum {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1317 sw_start = 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1318 sw_H,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1319 sw_HT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1320 sw_HTT,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1321 sw_HTTP,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1322 sw_first_major_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1323 sw_major_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1324 sw_first_minor_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1325 sw_minor_digit,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1326 sw_status,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1327 sw_space_after_status,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1328 sw_status_text,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1329 sw_almost_done
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1330 } state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1331
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1332 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1333 "ssl ocsp process status line");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1334
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1335 state = ctx->state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1336 b = ctx->response;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1337
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1338 for (p = b->pos; p < b->last; p++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1339 ch = *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1340
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1341 switch (state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1342
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1343 /* "HTTP/" */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1344 case sw_start:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1345 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1346 case 'H':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1347 state = sw_H;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1348 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1349 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1350 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1351 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1352 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1353
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1354 case sw_H:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1355 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1356 case 'T':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1357 state = sw_HT;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1358 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1359 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1360 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1361 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1362 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1363
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1364 case sw_HT:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1365 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1366 case 'T':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1367 state = sw_HTT;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1368 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1369 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1370 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1371 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1372 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1373
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1374 case sw_HTT:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1375 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1376 case 'P':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1377 state = sw_HTTP;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1378 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1379 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1380 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1381 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1382 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1383
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1384 case sw_HTTP:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1385 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1386 case '/':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1387 state = sw_first_major_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1388 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1389 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1390 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1391 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1392 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1393
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1394 /* the first digit of major HTTP version */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1395 case sw_first_major_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1396 if (ch < '1' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1397 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1398 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1399
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1400 state = sw_major_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1401 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1402
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1403 /* the major HTTP version or dot */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1404 case sw_major_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1405 if (ch == '.') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1406 state = sw_first_minor_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1407 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1408 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1409
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1410 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1411 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1412 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1413
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1414 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1415
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1416 /* the first digit of minor HTTP version */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1417 case sw_first_minor_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1418 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1419 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1420 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1421
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1422 state = sw_minor_digit;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1423 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1424
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1425 /* the minor HTTP version or the end of the request line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1426 case sw_minor_digit:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1427 if (ch == ' ') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1428 state = sw_status;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1429 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1430 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1431
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1432 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1433 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1434 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1435
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1436 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1437
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1438 /* HTTP status code */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1439 case sw_status:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1440 if (ch == ' ') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1441 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1442 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1443
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1444 if (ch < '0' \|\| ch > '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1445 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1446 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1447
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1448 ctx->code = ctx->code * 10 + ch - '0';
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1449
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1450 if (++ctx->count == 3) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1451 state = sw_space_after_status;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1452 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1453
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1454 break;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1455
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1456 /* space or end of line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1457 case sw_space_after_status:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1458 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1459 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1460 state = sw_status_text;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1461 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1462 case '.': /* IIS may send 403.1, 403.2, etc */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1463 state = sw_status_text;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1464 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1465 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1466 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1467 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1468 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1469 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1470 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1471 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1472 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1473 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1474
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1475 /* any text until end of line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1476 case sw_status_text:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1477 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1478 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1479 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1480 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1481 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1482 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1483 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1484 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1485
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1486 /* end of status line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1487 case sw_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1488 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1489 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1490 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1491 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1492 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1493 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1494 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1495 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1496
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1497 b->pos = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1498 ctx->state = state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1499
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1500 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1501
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1502 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1503
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1504 b->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1505 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1506
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1507 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1508 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1509
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1510
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1511 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1512 ngx_ssl_ocsp_process_headers(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1513 {
4876 1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1514 size_t len;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1515 ngx_int_t rc;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1516
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1517 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1518 "ssl ocsp process headers");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1519
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1520 for ( ;; ) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1521 rc = ngx_ssl_ocsp_parse_header_line(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1522
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1523 if (rc == NGX_OK) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1524
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1525 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1526 "ssl ocsp header \"%s: %s\"",
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1527 ctx->header_name_end - ctx->header_name_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1528 ctx->header_name_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1529 ctx->header_end - ctx->header_start,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1530 ctx->header_start);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1531
4876 1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1532 len = ctx->header_name_end - ctx->header_name_start;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1533
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1534 if (len == sizeof("Content-Type") - 1
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1535 && ngx_strncasecmp(ctx->header_name_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1536 (u_char *) "Content-Type",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1537 sizeof("Content-Type") - 1)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1538 == 0)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1539 {
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1540 len = ctx->header_end - ctx->header_start;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1541
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1542 if (len != sizeof("application/ocsp-response") - 1
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1543 \|\| ngx_strncasecmp(ctx->header_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1544 (u_char *) "application/ocsp-response",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1545 sizeof("application/ocsp-response") - 1)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1546 != 0)
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1547 {
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1548 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1549 "OCSP responder sent invalid "
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1550 "\"Content-Type\" header: \"%*s\"",
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1551 ctx->header_end - ctx->header_start,
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1552 ctx->header_start);
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1553 return NGX_ERROR;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1554 }
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1555
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1556 continue;
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1557 }
1a008f968f6d OCSP stapling: check Content-Type. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	1558
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1559 /* TODO: honor Content-Length */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1560
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1561 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1562 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1563
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1564 if (rc == NGX_DONE) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1565 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1566 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1567
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1568 if (rc == NGX_AGAIN) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1569 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1570 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1571
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1572 /* rc == NGX_ERROR */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1573
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1574 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1575 "OCSP responder sent invalid response");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1576
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1577 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1578 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1579
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1580 ctx->process = ngx_ssl_ocsp_process_body;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1581 return ctx->process(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1582 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1583
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1584 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1585 ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1586 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1587 u_char c, ch, *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1588 enum {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1589 sw_start = 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1590 sw_name,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1591 sw_space_before_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1592 sw_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1593 sw_space_after_value,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1594 sw_almost_done,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1595 sw_header_almost_done
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1596 } state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1597
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1598 state = ctx->state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1599
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1600 for (p = ctx->response->pos; p < ctx->response->last; p++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1601 ch = *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1602
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1603 #if 0
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1604 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1605 "s:%d in:'%02Xd:%c'", state, ch, ch);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1606 #endif
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1607
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1608 switch (state) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1609
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1610 /* first char */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1611 case sw_start:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1612
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1613 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1614 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1615 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1616 state = sw_header_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1617 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1618 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1619 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1620 goto header_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1621 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1622 state = sw_name;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1623 ctx->header_name_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1624
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1625 c = (u_char) (ch \| 0x20);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1626 if (c >= 'a' && c <= 'z') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1627 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1628 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1629
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1630 if (ch >= '0' && ch <= '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1631 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1632 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1633
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1634 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1635 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1636 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1637
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1638 /* header name */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1639 case sw_name:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1640 c = (u_char) (ch \| 0x20);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1641 if (c >= 'a' && c <= 'z') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1642 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1643 }
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1644
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1645 if (ch == ':') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1646 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1647 state = sw_space_before_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1648 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1649 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1650
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1651 if (ch == '-') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1652 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1653 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1654
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1655 if (ch >= '0' && ch <= '9') {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1656 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1657 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1658
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1659 if (ch == CR) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1660 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1661 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1662 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1663 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1664 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1665 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1666
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1667 if (ch == LF) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1668 ctx->header_name_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1669 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1670 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1671 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1672 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1673
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1674 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1675
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1676 /* space* before header value */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1677 case sw_space_before_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1678 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1679 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1680 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1681 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1682 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1683 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1684 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1685 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1686 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1687 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1688 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1689 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1690 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1691 ctx->header_start = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1692 state = sw_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1693 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1694 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1695 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1696
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1697 /* header value */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1698 case sw_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1699 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1700 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1701 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1702 state = sw_space_after_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1703 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1704 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1705 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1706 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1707 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1708 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1709 ctx->header_end = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1710 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1711 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1712 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1713
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1714 /* space* before end of header line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1715 case sw_space_after_value:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1716 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1717 case ' ':
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1718 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1719 case CR:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1720 state = sw_almost_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1721 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1722 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1723 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1724 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1725 state = sw_value;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1726 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1727 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1728 break;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1729
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1730 /* end of header line */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1731 case sw_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1732 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1733 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1734 goto done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1735 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1736 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1737 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1738
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1739 /* end of header */
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1740 case sw_header_almost_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1741 switch (ch) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1742 case LF:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1743 goto header_done;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1744 default:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1745 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1746 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1747 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1748 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1749
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1750 ctx->response->pos = p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1751 ctx->state = state;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1752
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1753 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1754
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1755 done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1756
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1757 ctx->response->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1758 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1759
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1760 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1761
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1762 header_done:
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1763
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1764 ctx->response->pos = p + 1;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1765 ctx->state = sw_start;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1766
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1767 return NGX_DONE;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1768 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1769
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1770
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1771 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1772 ngx_ssl_ocsp_process_body(ngx_ssl_ocsp_ctx_t *ctx)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1773 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1774 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1775 "ssl ocsp process body");
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1776
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1777 if (ctx->done) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1778 ctx->handler(ctx);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1779 return NGX_DONE;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1780 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1781
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1782 return NGX_AGAIN;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1783 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1784
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1785
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1786 static u_char *
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1787 ngx_ssl_ocsp_log_error(ngx_log_t log, u_char buf, size_t len)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1788 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1789 u_char *p;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1790 ngx_ssl_ocsp_ctx_t *ctx;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1791
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1792 p = buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1793
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1794 if (log->action) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1795 p = ngx_snprintf(buf, len, " while %s", log->action);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1796 len -= p - buf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1797 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1798
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1799 ctx = log->data;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1800
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1801 if (ctx) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1802 p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1803 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1804
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1805 return p;
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1806 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1807
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1808
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1809 #else
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1810
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1811
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1812 ngx_int_t
4880 0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1813 ngx_ssl_stapling(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file,
0254c1a43fe5 OCSP stapling: build fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	1814 ngx_str_t *responder, ngx_uint_t verify)
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1815 {
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1816 ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1817 "\"ssl_stapling\" ignored, not supported");
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1818
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1819 return NGX_OK;
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1820 }
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1821
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1822 ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1823 ngx_ssl_stapling_resolver(ngx_conf_t cf, ngx_ssl_t ssl,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1824 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1825 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1826 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1827 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4874 diff changeset	1828
4874 d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1829
d1a20423c425 OCSP stapling: the ngx_event_openssl_stapling.c file. Maxim Dounin <mdounin@mdounin.ru> parents: diff changeset	1830 #endif

Mercurial > hg > nginx

annotate src/event/ngx_event_openssl_stapling.c @ 6536:f7849bfb6d21