Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 1924:291689a7e5dc
invalidate SSL session if there is no valid client certificate
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Mon, 10 Mar 2008 14:47:07 +0000 |
| parents | 22e28e77246b |
| children | f32cc6df6bd6 |
comparison
equal
deleted
inserted
replaced
| 1923:c72fe0a8d9b4 | 1924:291689a7e5dc |
|---|---|
| 1428 | 1428 |
| 1429 if (rc != X509_V_OK) { | 1429 if (rc != X509_V_OK) { |
| 1430 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1430 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 1431 "client SSL certificate verify error: (%l:%s)", | 1431 "client SSL certificate verify error: (%l:%s)", |
| 1432 rc, X509_verify_cert_error_string(rc)); | 1432 rc, X509_verify_cert_error_string(rc)); |
| 1433 | |
| 1434 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
| 1435 (SSL_get0_session(c->ssl->connection))); | |
| 1436 | |
| 1433 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); | 1437 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); |
| 1434 return; | 1438 return; |
| 1435 } | 1439 } |
| 1436 | 1440 |
| 1437 if (SSL_get_peer_certificate(c->ssl->connection) | 1441 if (SSL_get_peer_certificate(c->ssl->connection) |
| 1438 == NULL) | 1442 == NULL) |
| 1439 { | 1443 { |
| 1440 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1444 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 1441 "client sent no required SSL certificate"); | 1445 "client sent no required SSL certificate"); |
| 1446 | |
| 1447 ngx_ssl_remove_cached_session(sscf->ssl.ctx, | |
| 1448 (SSL_get0_session(c->ssl->connection))); | |
| 1449 | |
| 1442 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | 1450 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); |
| 1443 return; | 1451 return; |
| 1444 } | 1452 } |
| 1445 } | 1453 } |
| 1446 } | 1454 } |