comparison src/http/ngx_http_request.c @ 3243:08570d26c7c5 stable-0.7

merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232: various SSL fixes and features: *) $ssl_client_verify *) "ssl_verify_client ask" was changed to "ssl_verify_client optional" *) ssl_crl *) delete OpenSSL pre-0.9.7 compatibility: the sources were not actually compatible with OpenSSL 0.9.6 since ssl_session_cache introduction *) fix memory corruption in $ssl_client_cert *) issue SNI warning instead of failure: this is too common case *) use ngx_log_error(), since OpenSSL does not set an error on the failure *) add SNI support in -V output
author Igor Sysoev <igor@sysoev.ru>
date Mon, 26 Oct 2009 16:53:34 +0000
parents f678ea405737
children 61962127b166
3242:f678ea405737 3243:08570d26c7c5
1518 X509 *cert; 1518 X509 *cert;
1519 ngx_http_ssl_srv_conf_t *sscf; 1519 ngx_http_ssl_srv_conf_t *sscf;
1520 1520
1521 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); 1521 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
1522 1522
1523 if (sscf->verify == 1) { 1523 if (sscf->verify) {
1524 rc = SSL_get_verify_result(c->ssl->connection); 1524 rc = SSL_get_verify_result(c->ssl->connection);
1525 1525
1526 if (rc != X509_V_OK) { 1526 if (rc != X509_V_OK) {
1527 ngx_log_error(NGX_LOG_INFO, c->log, 0, 1527 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1528 "client SSL certificate verify error: (%l:%s)", 1528 "client SSL certificate verify error: (%l:%s)",
1533 1533
1534 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); 1534 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
1535 return; 1535 return;
1536 } 1536 }
1537 1537
1538 cert = SSL_get_peer_certificate(c->ssl->connection); 1538 if (sscf->verify == 1) {
1539 1539 cert = SSL_get_peer_certificate(c->ssl->connection);
1540 if (cert == NULL) { 1540
1541 ngx_log_error(NGX_LOG_INFO, c->log, 0, 1541 if (cert == NULL) {
1542 "client sent no required SSL certificate"); 1542 ngx_log_error(NGX_LOG_INFO, c->log, 0,
1543 1543 "client sent no required SSL certificate");
1544 ngx_ssl_remove_cached_session(sscf->ssl.ctx, 1544
1545 ngx_ssl_remove_cached_session(sscf->ssl.ctx,
1545 (SSL_get0_session(c->ssl->connection))); 1546 (SSL_get0_session(c->ssl->connection)));
1546 1547
1547 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); 1548 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
1548 return; 1549 return;
1549 } 1550 }
1550 1551
1551 X509_free(cert); 1552 X509_free(cert);
1553 }
1552 } 1554 }
1553 } 1555 }
1554 1556
1555 #endif 1557 #endif
1556 1558
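Review bot: The new inner guard `if (sscf->verify == 1)` (new line 1538) compares against a bare literal and does not say what the other non-zero modes rely on. With the outer test relaxed to `if (sscf->verify)`, any other non-zero mode (presumably the "optional" setting named in the commit message) skips the peer-certificate check. OpenSSL documents that SSL_get_verify_result() returns X509_V_OK when the peer presented no certificate, so such a request passes this block as if it had verified. I would add a comment above the inner `if`, for example `/* only "on" requires a certificate; in other modes a client without one passes here (X509_V_OK), so access decisions must test $ssl_client_verify */`, and replace the `1` with a named constant if the module defines one. The enclosing function begins and ends outside the lines shown, and old lines 1529–1532 are not visible, so this is based only on the rows on the page.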