comparison src/event/ngx_event_openssl.c @ 8714:05e0988a6898 quic

Merged with the default branch.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 10 Mar 2021 15:39:01 +0300
parents f61d347158d0 51e6a665523c
children 6674a50cbb6c
8713:d981c7bd1da7 8714:05e0988a6898
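--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -81,11 +81,11 @@
 
 static time_t ngx_ssl_parse_time(
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
     const
 #endif
-    ASN1_TIME *asn1time);
+    ASN1_TIME *asn1time, ngx_log_t *log);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
 
@@ -1012,30 +1012,56 @@
     ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
                                           SSL_get_ex_data_X509_STORE_CTX_idx());
 
     c = ngx_ssl_get_connection(ssl_conn);
 
+    if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+        return 1;
+    }
+
     cert = X509_STORE_CTX_get_current_cert(x509_store);
     err = X509_STORE_CTX_get_error(x509_store);
     depth = X509_STORE_CTX_get_error_depth(x509_store);
 
     sname = X509_get_subject_name(cert);
-    subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
+
+    if (sname) {
+        subject = X509_NAME_oneline(sname, NULL, 0);
+        if (subject == NULL) {
+            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+                          "X509_NAME_oneline() failed");
+        }
+
+    } else {
+        subject = NULL;
+    }
 
     iname = X509_get_issuer_name(cert);
-    issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
+
+    if (iname) {
+        issuer = X509_NAME_oneline(iname, NULL, 0);
+        if (issuer == NULL) {
+            ngx_ssl_error(NGX_LOG_ALERT, c->log, 0,
+                          "X509_NAME_oneline() failed");
+        }
+
+    } else {
+        issuer = NULL;
+    }
 
     ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "verify:%d, error:%d, depth:%d, "
                    "subject:\"%s\", issuer:\"%s\"",
-                   ok, err, depth, subject, issuer);
-
-    if (sname) {
+                   ok, err, depth,
+                   subject ? subject : "(none)",
+                   issuer ? issuer : "(none)");
+
+    if (subject) {
         OPENSSL_free(subject);
     }
 
-    if (iname) {
+    if (issuer) {
         OPENSSL_free(issuer);
     }
 #endif
 
     return 1;
@@ -1945,10 +1971,14 @@
     char buf[129], *s, *d;
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
     const
 #endif
     SSL_CIPHER *cipher;
+
+    if (!(c->log->log_level & NGX_LOG_DEBUG_EVENT)) {
+        return;
+    }
 
     cipher = SSL_get_current_cipher(c->ssl->connection);
 
     if (cipher) {
         SSL_CIPHER_description(cipher, &buf[1], 128);
@@ -4800,15 +4830,17 @@
         return NGX_ERROR;
     }
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
     if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
         goto failed;
     }
 
     s->len = BIO_pending(bio);
     s->data = ngx_pnalloc(pool, s->len);
@@ -4852,15 +4884,17 @@
         return NGX_ERROR;
     }
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
     if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
         goto failed;
     }
 
     s->len = BIO_pending(bio);
     s->data = ngx_pnalloc(pool, s->len);
@@ -4905,10 +4939,15 @@
         X509_free(cert);
         return NGX_ERROR;
     }
 
     p = X509_NAME_oneline(name, NULL, 0);
+    if (p == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+        X509_free(cert);
+        return NGX_ERROR;
+    }
 
     for (len = 0; p[len]; len++) { /* void */ }
 
     s->len = len;
     s->data = ngx_pnalloc(pool, len);
@@ -4948,10 +4987,15 @@
         X509_free(cert);
         return NGX_ERROR;
     }
 
     p = X509_NAME_oneline(name, NULL, 0);
+    if (p == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_oneline() failed");
+        X509_free(cert);
+        return NGX_ERROR;
+    }
 
     for (len = 0; p[len]; len++) { /* void */ }
 
     s->len = len;
     s->data = ngx_pnalloc(pool, len);
@@ -4984,10 +5028,11 @@
         return NGX_OK;
     }
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
     i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
@@ -5022,10 +5067,11 @@
     if (cert == NULL) {
         return NGX_OK;
     }
 
     if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
     s->len = 2 * len;
@@ -5095,10 +5141,11 @@
         return NGX_OK;
     }
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -5139,10 +5186,11 @@
         return NGX_OK;
     }
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
         X509_free(cert);
         return NGX_ERROR;
     }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
@@ -5181,13 +5229,13 @@
     if (cert == NULL) {
         return NGX_OK;
     }
 
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
-    end = ngx_ssl_parse_time(X509_get0_notAfter(cert));
+    end = ngx_ssl_parse_time(X509_get0_notAfter(cert), c->log);
 #else
-    end = ngx_ssl_parse_time(X509_get_notAfter(cert));
+    end = ngx_ssl_parse_time(X509_get_notAfter(cert), c->log);
 #endif
 
     if (end == (time_t) NGX_ERROR) {
         X509_free(cert);
         return NGX_OK;
@@ -5218,11 +5266,11 @@
 static time_t
 ngx_ssl_parse_time(
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
     const
 #endif
-    ASN1_TIME *asn1time)
+    ASN1_TIME *asn1time, ngx_log_t *log)
 {
     BIO *bio;
     char *value;
     size_t len;
     time_t time;
@@ -5234,10 +5282,11 @@
      * "Feb 3 00:55:52 2015 GMT"), and parse the result.
      */
 
     bio = BIO_new(BIO_s_mem());
     if (bio == NULL) {
+        ngx_ssl_error(NGX_LOG_ALERT, log, 0, "BIO_new() failed");
         return NGX_ERROR;
     }
 
     /* fake weekday prepended to match C asctime() format */
 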
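Review bot: In the verify-callback hunk (new-side lines 1021-1025; the enclosing function starts before and ends after the hunk) `cert` from X509_STORE_CTX_get_current_cert() is handed straight to X509_get_subject_name() and X509_get_issuer_name(), while the commit adds NULL handling only for the name strings those calls produce. OpenSSL documents that X509_STORE_CTX_get_current_cert() may return NULL when no certificate is relevant to the error, and the X509_get_*_name() accessors dereference their argument, so on such a failure this debug path would fault before anything is logged. A guard right after the fetch keeps the callback's always-return-1 contract and still records the error: `if (cert == NULL) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "verify:%d, error:%d, no current cert", ok, err); return 1; }` placed after `err` is read. Whether that case is actually reachable from the SSL_CTX_set_verify() callback in the OpenSSL versions nginx supports is not something this hunk shows, so the guard is cheap insurance rather than a known crash.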