comparison src/http/ngx_http_request.c @ 3243:08570d26c7c5 stable-0.7
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
various SSL fixes and features:
*) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
*) ssl_crl
*) delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
*) fix memory corruption in $ssl_client_cert
*) issue an SNI warning instead of a failure: this case is too common
*) use ngx_log_error(), since OpenSSL does not set an error on the failure
*) add SNI support in -V output
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 26 Oct 2009 16:53:34 +0000 |
parents | f678ea405737 |
children | 61962127b166 |
3242:f678ea405737 | 3243:08570d26c7c5 |
---|---|
1518 X509 *cert; | 1518 X509 *cert; |
1519 ngx_http_ssl_srv_conf_t *sscf; | 1519 ngx_http_ssl_srv_conf_t *sscf; |
1520 | 1520 |
1521 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 1521 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
1522 | 1522 |
1523 if (sscf->verify == 1) { | 1523 if (sscf->verify) { |
1524 rc = SSL_get_verify_result(c->ssl->connection); | 1524 rc = SSL_get_verify_result(c->ssl->connection); |
1525 | 1525 |
1526 if (rc != X509_V_OK) { | 1526 if (rc != X509_V_OK) { |
1527 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1527 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1528 "client SSL certificate verify error: (%l:%s)", | 1528 "client SSL certificate verify error: (%l:%s)", |
1533 | 1533 |
1534 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1534 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
1535 return; | 1535 return; |
1536 } | 1536 } |
1537 | 1537 |
1538 cert = SSL_get_peer_certificate(c->ssl->connection); | 1538 if (sscf->verify == 1) { |
1539 | 1539 cert = SSL_get_peer_certificate(c->ssl->connection); |
1540 if (cert == NULL) { | 1540 |
1541 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1541 if (cert == NULL) { |
1542 "client sent no required SSL certificate"); | 1542 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
1543 | 1543 "client sent no required SSL certificate"); |
1544 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | 1544 |
1545 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
1545 (SSL_get0_session(c->ssl->connection))); | 1546 (SSL_get0_session(c->ssl->connection))); |
1546 | 1547 |
1547 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1548 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
1548 return; | 1549 return; |
1549 } | 1550 } |
1550 | 1551 |
1551 X509_free(cert); | 1552 X509_free(cert); |
1553 } | |
1552 } | 1554 } |
1553 } | 1555 } |
1554 | 1556 |
1555 #endif | 1557 #endif |
1556 | 1558 |
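Review bot: The two tests on `sscf->verify` (`if (sscf->verify)` at new line 1523 and `if (sscf->verify == 1)` at new line 1538) depend on an undocumented numeric encoding, and nothing in the visible code states what the non-1 case means for authentication. SSL_get_verify_result() returns X509_V_OK when the peer sent no certificate at all, so for any nonzero value other than 1 (presumably the "optional" mode named in the commit message) a request without a client certificate passes this block and continues unauthenticated. I would add a comment above the inner test, for example `/* verify == 1: a client certificate is required; other nonzero values make it optional, and X509_V_OK then also covers "no certificate sent", so access decisions must check $ssl_client_verify */`, and consider named constants for the modes instead of the bare `1`. The enclosing function starts before this section, and old/new lines 1529-1532 are not shown.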