comparison src/event/ngx_event_openssl.c @ 6780:56d6bfe6b609

SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Originally, the variables kept the result of X509_NAME_oneline(), which is, according to the official documentation, a legacy function. It produces a non-standard output form and has various quirks and inconsistencies. The RFC2253 compliant behavior is introduced for these variables. The original variables are available through $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy.
author Dmitry Volyntsev <xeioex@nginx.com>
date Fri, 21 Oct 2016 16:28:39 +0300
parents 8081e1f3ab8b
children a7ec59df0c4d
6779:e4b00a021cea 6780:56d6bfe6b609
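--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3436,10 +3436,113 @@
 
 
 ngx_int_t
 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
+    BIO        *bio;
+    X509       *cert;
+    X509_NAME  *name;
+
+    s->len = 0;
+
+    cert = SSL_get_peer_certificate(c->ssl->connection);
+    if (cert == NULL) {
+        return NGX_OK;
+    }
+
+    name = X509_get_subject_name(cert);
+    if (name == NULL) {
+        return NGX_ERROR;
+    }
+
+    bio = BIO_new(BIO_s_mem());
+    if (bio == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+        goto failed;
+    }
+
+    s->len = BIO_pending(bio);
+    s->data = ngx_pnalloc(pool, s->len);
+    if (s->data == NULL) {
+        goto failed;
+    }
+
+    BIO_read(bio, s->data, s->len);
+
+    BIO_free(bio);
+    X509_free(cert);
+
+    return NGX_OK;
+
+failed:
+
+    BIO_free(bio);
+    X509_free(cert);
+
+    return NGX_ERROR;
+}
+
+
+ngx_int_t
+ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    BIO        *bio;
+    X509       *cert;
+    X509_NAME  *name;
+
+    s->len = 0;
+
+    cert = SSL_get_peer_certificate(c->ssl->connection);
+    if (cert == NULL) {
+        return NGX_OK;
+    }
+
+    name = X509_get_issuer_name(cert);
+    if (name == NULL) {
+        return NGX_ERROR;
+    }
+
+    bio = BIO_new(BIO_s_mem());
+    if (bio == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+        goto failed;
+    }
+
+    s->len = BIO_pending(bio);
+    s->data = ngx_pnalloc(pool, s->len);
+    if (s->data == NULL) {
+        goto failed;
+    }
+
+    BIO_read(bio, s->data, s->len);
+
+    BIO_free(bio);
+    X509_free(cert);
+
+    return NGX_OK;
+
+failed:
+
+    BIO_free(bio);
+    X509_free(cert);
+
+    return NGX_ERROR;
+}
+
+
+ngx_int_t
+ngx_ssl_get_subject_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s)
+{
     char       *p;
     size_t      len;
     X509       *cert;
     X509_NAME  *name;
 
@@ -3476,11 +3579,12 @@
     return NGX_OK;
 }
 
 
 ngx_int_t
-ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+ngx_ssl_get_issuer_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s)
 {
     char       *p;
     size_t      len;
     X509       *cert;
     X509_NAME  *name;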
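Review bot: The `name == NULL` early return in the new ngx_ssl_get_subject_dn (and the identical branch in ngx_ssl_get_issuer_dn) returns NGX_ERROR without releasing `cert`, which SSL_get_peer_certificate() hands back with an incremented reference count; every other error path in these two functions does free it, so this branch is the one leak. The branch should read `if (name == NULL) { X509_free(cert); return NGX_ERROR; }` in both functions. The return value of BIO_read() is also discarded; with a memory BIO and a length taken from BIO_pending() a short read is presumably not expected, but a one-line comment stating that assumption would help the next reader. The bodies of ngx_ssl_get_subject_dn_legacy and ngx_ssl_get_issuer_dn_legacy run past the hunk and are not reviewed here.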