Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 7779:018a09b766ef

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: X509_NAME_oneline() error handling.
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 20 Feb 2021 18:02:49 +0300
parents 7efae6b4cfb0
children 3bed5797a1b7
comparison
equal deleted inserted replaced
7778:549b13cd793b 7779:018a09b766ef
1017 cert = X509_STORE_CTX_get_current_cert(x509_store); 1017 cert = X509_STORE_CTX_get_current_cert(x509_store);
1018 err = X509_STORE_CTX_get_error(x509_store); 1018 err = X509_STORE_CTX_get_error(x509_store);
1019 depth = X509_STORE_CTX_get_error_depth(x509_store); 1019 depth = X509_STORE_CTX_get_error_depth(x509_store);
1020 1020
1021 sname = X509_get_subject_name(cert); 1021 sname = X509_get_subject_name(cert);
1022 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)"; 1022
1023 if (sname) {
1024 subject = X509_NAME_oneline(sname, NULL, 0);
1025 if (subject == NULL) {
1026 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
1027 "X509_NAME_oneline() failed");
1028 }
1029
1030 } else {
1031 subject = NULL;
1032 }
1023 1033
1024 iname = X509_get_issuer_name(cert); 1034 iname = X509_get_issuer_name(cert);
1025 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)"; 1035
1036 if (iname) {
1037 issuer = X509_NAME_oneline(iname, NULL, 0);
1038 if (issuer == NULL) {
1039 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
1040 "X509_NAME_oneline() failed");
1041 }
1042
1043 } else {
1044 issuer = NULL;
1045 }
1026 1046
1027 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, 1047 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
1028 "verify:%d, error:%d, depth:%d, " 1048 "verify:%d, error:%d, depth:%d, "
1029 "subject:\"%s\", issuer:\"%s\"", 1049 "subject:\"%s\", issuer:\"%s\"",
1030 ok, err, depth, subject, issuer); 1050 ok, err, depth,
1031 1051 subject ? subject : "(none)",
1032 if (sname) { 1052 issuer ? issuer : "(none)");
1053
1054 if (subject) {
1033 OPENSSL_free(subject); 1055 OPENSSL_free(subject);
1034 } 1056 }
1035 1057
1036 if (iname) { 1058 if (issuer) {
1037 OPENSSL_free(issuer); 1059 OPENSSL_free(issuer);
1038 } 1060 }
1039 #endif 1061 #endif
1040 1062
1041 return 1; 1063 return 1;
4898 X509_free(cert); 4920 X509_free(cert);
4899 return NGX_ERROR; 4921 return NGX_ERROR;
4900 } 4922 }
4901 4923
4902 p = X509_NAME_oneline(name, NULL, 0); 4924 p = X509_NAME_oneline(name, NULL, 0);
4925 if (p == NULL) {
4926 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
4927 X509_free(cert);
4928 return NGX_ERROR;
4929 }
4903 4930
4904 for (len = 0; p[len]; len++) { /* void */ } 4931 for (len = 0; p[len]; len++) { /* void */ }
4905 4932
4906 s->len = len; 4933 s->len = len;
4907 s->data = ngx_pnalloc(pool, len); 4934 s->data = ngx_pnalloc(pool, len);
4941 X509_free(cert); 4968 X509_free(cert);
4942 return NGX_ERROR; 4969 return NGX_ERROR;
4943 } 4970 }
4944 4971
4945 p = X509_NAME_oneline(name, NULL, 0); 4972 p = X509_NAME_oneline(name, NULL, 0);
4973 if (p == NULL) {
4974 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
4975 X509_free(cert);
4976 return NGX_ERROR;
4977 }
4946 4978
4947 for (len = 0; p[len]; len++) { /* void */ } 4979 for (len = 0; p[len]; len++) { /* void */ }
4948 4980
4949 s->len = len; 4981 s->len = len;
4950 s->data = ngx_pnalloc(pool, len); 4982 s->data = ngx_pnalloc(pool, len);