Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7780:3bed5797a1b7
SSL: added missed error reporting during variables evaluation.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 20 Feb 2021 18:02:54 +0300 |
parents | 018a09b766ef |
children | 51e6a665523c |
comparison
equal
deleted
inserted
replaced
7779:018a09b766ef | 7780:3bed5797a1b7 |
---|---|
81 | 81 |
82 static time_t ngx_ssl_parse_time( | 82 static time_t ngx_ssl_parse_time( |
83 #if OPENSSL_VERSION_NUMBER > 0x10100000L | 83 #if OPENSSL_VERSION_NUMBER > 0x10100000L |
84 const | 84 const |
85 #endif | 85 #endif |
86 ASN1_TIME *asn1time); | 86 ASN1_TIME *asn1time, ngx_log_t *log); |
87 | 87 |
88 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); | 88 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); |
89 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); | 89 static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); |
90 static void ngx_openssl_exit(ngx_cycle_t *cycle); | 90 static void ngx_openssl_exit(ngx_cycle_t *cycle); |
91 | 91 |
4815 return NGX_ERROR; | 4815 return NGX_ERROR; |
4816 } | 4816 } |
4817 | 4817 |
4818 bio = BIO_new(BIO_s_mem()); | 4818 bio = BIO_new(BIO_s_mem()); |
4819 if (bio == NULL) { | 4819 if (bio == NULL) { |
4820 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed"); | |
4820 X509_free(cert); | 4821 X509_free(cert); |
4821 return NGX_ERROR; | 4822 return NGX_ERROR; |
4822 } | 4823 } |
4823 | 4824 |
4824 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { | 4825 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { |
4826 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed"); | |
4825 goto failed; | 4827 goto failed; |
4826 } | 4828 } |
4827 | 4829 |
4828 s->len = BIO_pending(bio); | 4830 s->len = BIO_pending(bio); |
4829 s->data = ngx_pnalloc(pool, s->len); | 4831 s->data = ngx_pnalloc(pool, s->len); |
4867 return NGX_ERROR; | 4869 return NGX_ERROR; |
4868 } | 4870 } |
4869 | 4871 |
4870 bio = BIO_new(BIO_s_mem()); | 4872 bio = BIO_new(BIO_s_mem()); |
4871 if (bio == NULL) { | 4873 if (bio == NULL) { |
4874 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed"); | |
4872 X509_free(cert); | 4875 X509_free(cert); |
4873 return NGX_ERROR; | 4876 return NGX_ERROR; |
4874 } | 4877 } |
4875 | 4878 |
4876 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { | 4879 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { |
4880 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed"); | |
4877 goto failed; | 4881 goto failed; |
4878 } | 4882 } |
4879 | 4883 |
4880 s->len = BIO_pending(bio); | 4884 s->len = BIO_pending(bio); |
4881 s->data = ngx_pnalloc(pool, s->len); | 4885 s->data = ngx_pnalloc(pool, s->len); |
5009 return NGX_OK; | 5013 return NGX_OK; |
5010 } | 5014 } |
5011 | 5015 |
5012 bio = BIO_new(BIO_s_mem()); | 5016 bio = BIO_new(BIO_s_mem()); |
5013 if (bio == NULL) { | 5017 if (bio == NULL) { |
5018 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed"); | |
5014 X509_free(cert); | 5019 X509_free(cert); |
5015 return NGX_ERROR; | 5020 return NGX_ERROR; |
5016 } | 5021 } |
5017 | 5022 |
5018 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); | 5023 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); |
5047 if (cert == NULL) { | 5052 if (cert == NULL) { |
5048 return NGX_OK; | 5053 return NGX_OK; |
5049 } | 5054 } |
5050 | 5055 |
5051 if (!X509_digest(cert, EVP_sha1(), buf, &len)) { | 5056 if (!X509_digest(cert, EVP_sha1(), buf, &len)) { |
5057 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed"); | |
5052 X509_free(cert); | 5058 X509_free(cert); |
5053 return NGX_ERROR; | 5059 return NGX_ERROR; |
5054 } | 5060 } |
5055 | 5061 |
5056 s->len = 2 * len; | 5062 s->len = 2 * len; |
5120 return NGX_OK; | 5126 return NGX_OK; |
5121 } | 5127 } |
5122 | 5128 |
5123 bio = BIO_new(BIO_s_mem()); | 5129 bio = BIO_new(BIO_s_mem()); |
5124 if (bio == NULL) { | 5130 if (bio == NULL) { |
5131 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed"); | |
5125 X509_free(cert); | 5132 X509_free(cert); |
5126 return NGX_ERROR; | 5133 return NGX_ERROR; |
5127 } | 5134 } |
5128 | 5135 |
5129 #if OPENSSL_VERSION_NUMBER > 0x10100000L | 5136 #if OPENSSL_VERSION_NUMBER > 0x10100000L |
5164 return NGX_OK; | 5171 return NGX_OK; |
5165 } | 5172 } |
5166 | 5173 |
5167 bio = BIO_new(BIO_s_mem()); | 5174 bio = BIO_new(BIO_s_mem()); |
5168 if (bio == NULL) { | 5175 if (bio == NULL) { |
5176 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed"); | |
5169 X509_free(cert); | 5177 X509_free(cert); |
5170 return NGX_ERROR; | 5178 return NGX_ERROR; |
5171 } | 5179 } |
5172 | 5180 |
5173 #if OPENSSL_VERSION_NUMBER > 0x10100000L | 5181 #if OPENSSL_VERSION_NUMBER > 0x10100000L |
5206 if (cert == NULL) { | 5214 if (cert == NULL) { |
5207 return NGX_OK; | 5215 return NGX_OK; |
5208 } | 5216 } |
5209 | 5217 |
5210 #if OPENSSL_VERSION_NUMBER > 0x10100000L | 5218 #if OPENSSL_VERSION_NUMBER > 0x10100000L |
5211 end = ngx_ssl_parse_time(X509_get0_notAfter(cert)); | 5219 end = ngx_ssl_parse_time(X509_get0_notAfter(cert), c->log); |
5212 #else | 5220 #else |
5213 end = ngx_ssl_parse_time(X509_get_notAfter(cert)); | 5221 end = ngx_ssl_parse_time(X509_get_notAfter(cert), c->log); |
5214 #endif | 5222 #endif |
5215 | 5223 |
5216 if (end == (time_t) NGX_ERROR) { | 5224 if (end == (time_t) NGX_ERROR) { |
5217 X509_free(cert); | 5225 X509_free(cert); |
5218 return NGX_OK; | 5226 return NGX_OK; |
5243 static time_t | 5251 static time_t |
5244 ngx_ssl_parse_time( | 5252 ngx_ssl_parse_time( |
5245 #if OPENSSL_VERSION_NUMBER > 0x10100000L | 5253 #if OPENSSL_VERSION_NUMBER > 0x10100000L |
5246 const | 5254 const |
5247 #endif | 5255 #endif |
5248 ASN1_TIME *asn1time) | 5256 ASN1_TIME *asn1time, ngx_log_t *log) |
5249 { | 5257 { |
5250 BIO *bio; | 5258 BIO *bio; |
5251 char *value; | 5259 char *value; |
5252 size_t len; | 5260 size_t len; |
5253 time_t time; | 5261 time_t time; |
5259 * "Feb 3 00:55:52 2015 GMT"), and parse the result. | 5267 * "Feb 3 00:55:52 2015 GMT"), and parse the result. |
5260 */ | 5268 */ |
5261 | 5269 |
5262 bio = BIO_new(BIO_s_mem()); | 5270 bio = BIO_new(BIO_s_mem()); |
5263 if (bio == NULL) { | 5271 if (bio == NULL) { |
5272 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "BIO_new() failed"); | |
5264 return NGX_ERROR; | 5273 return NGX_ERROR; |
5265 } | 5274 } |
5266 | 5275 |
5267 /* fake weekday prepended to match C asctime() format */ | 5276 /* fake weekday prepended to match C asctime() format */ |
5268 | 5277 |