comparison src/event/ngx_event_openssl.c @ 6814:379139020d36
SSL: $ssl_client_verify extended with a failure reason.
Now in case of a verification failure $ssl_client_verify contains
"FAILED:<reason>", similar to Apache's SSL_CLIENT_VERIFY, e.g.,
"FAILED:certificate has expired".
Detailed description of possible errors can be found in the verify(1)
manual page as provided by OpenSSL.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:22 +0300 |
parents | a7ec59df0c4d |
children | 2d15fff64e3c |
6813:94586180fb41 | 6814:379139020d36 |
---|---|
3715 | 3715 |
3716 | 3716 |
3717 ngx_int_t | 3717 ngx_int_t |
3718 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 3718 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
3719 { | 3719 { |
3720 X509 *cert; | 3720 X509 *cert; |
3721 | 3721 long rc; |
3722 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) { | 3722 const char *str; |
3723 ngx_str_set(s, "FAILED"); | 3723 |
3724 cert = SSL_get_peer_certificate(c->ssl->connection); | |
3725 if (cert == NULL) { | |
3726 ngx_str_set(s, "NONE"); | |
3724 return NGX_OK; | 3727 return NGX_OK; |
3725 } | 3728 } |
3726 | 3729 |
3727 cert = SSL_get_peer_certificate(c->ssl->connection); | 3730 X509_free(cert); |
3728 | 3731 |
3729 if (cert) { | 3732 rc = SSL_get_verify_result(c->ssl->connection); |
3733 | |
3734 if (rc == X509_V_OK) { | |
3730 ngx_str_set(s, "SUCCESS"); | 3735 ngx_str_set(s, "SUCCESS"); |
3731 | 3736 return NGX_OK; |
3732 } else { | 3737 } |
3733 ngx_str_set(s, "NONE"); | 3738 |
3734 } | 3739 str = X509_verify_cert_error_string(rc); |
3735 | 3740 |
3736 X509_free(cert); | 3741 s->data = ngx_pnalloc(pool, sizeof("FAILED:") - 1 + ngx_strlen(str)); |
3742 if (s->data == NULL) { | |
3743 return NGX_ERROR; | |
3744 } | |
3745 | |
3746 s->len = ngx_sprintf(s->data, "FAILED:%s", str) - s->data; | |
3737 | 3747 |
3738 return NGX_OK; | 3748 return NGX_OK; |
3739 } | 3749 } |
3740 | 3750 |
3741 | 3751 |
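Review bot: The failure value changes from the exact string "FAILED" to "FAILED:<reason>" at the `ngx_sprintf(s->data, "FAILED:%s", str)` line, and nothing on the function records that contract for consumers of the variable. A configuration or backend that rejects clients by testing for equality with "FAILED" would presumably stop matching after this change and fail open; only a comparison against "SUCCESS" stays correct across both versions. I would add a comment above ngx_ssl_get_client_verify() such as `/* s is "NONE", "SUCCESS" or "FAILED:<reason>"; treat anything but "SUCCESS" as unverified */` and call out the compatibility change in the release notes. The buffer sizing looks consistent, since the ngx_pnalloc() length and the formatted output both derive from the same `str`.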