comparison src/event/ngx_event_openssl.c @ 6780:56d6bfe6b609
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Originally, the variables kept a result of X509_NAME_oneline(),
which is, according to the official documentation, a legacy
function. It produces a non standard output form and has
various quirks and inconsistencies.
The RFC2253 compliant behavior is introduced for these variables.
The original variables are available through $ssl_client_s_dn_legacy
and $ssl_client_i_dn_legacy.
author | Dmitry Volyntsev <xeioex@nginx.com> |
---|---|
date | Fri, 21 Oct 2016 16:28:39 +0300 |
parents | 8081e1f3ab8b |
children | a7ec59df0c4d |
6779:e4b00a021cea | 6780:56d6bfe6b609 |
---|---|
3436 | 3436 |
3437 | 3437 |
3438 ngx_int_t | 3438 ngx_int_t |
3439 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 3439 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
3440 { | 3440 { |
3441 BIO *bio; | |
3442 X509 *cert; | |
3443 X509_NAME *name; | |
3444 | |
3445 s->len = 0; | |
3446 | |
3447 cert = SSL_get_peer_certificate(c->ssl->connection); | |
3448 if (cert == NULL) { | |
3449 return NGX_OK; | |
3450 } | |
3451 | |
3452 name = X509_get_subject_name(cert); | |
3453 if (name == NULL) { | |
3454 return NGX_ERROR; | |
3455 } | |
3456 | |
3457 bio = BIO_new(BIO_s_mem()); | |
3458 if (bio == NULL) { | |
3459 X509_free(cert); | |
3460 return NGX_ERROR; | |
3461 } | |
3462 | |
3463 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { | |
3464 goto failed; | |
3465 } | |
3466 | |
3467 s->len = BIO_pending(bio); | |
3468 s->data = ngx_pnalloc(pool, s->len); | |
3469 if (s->data == NULL) { | |
3470 goto failed; | |
3471 } | |
3472 | |
3473 BIO_read(bio, s->data, s->len); | |
3474 | |
3475 BIO_free(bio); | |
3476 X509_free(cert); | |
3477 | |
3478 return NGX_OK; | |
3479 | |
3480 failed: | |
3481 | |
3482 BIO_free(bio); | |
3483 X509_free(cert); | |
3484 | |
3485 return NGX_ERROR; | |
3486 } | |
3487 | |
3488 | |
3489 ngx_int_t | |
3490 ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
3491 { | |
3492 BIO *bio; | |
3493 X509 *cert; | |
3494 X509_NAME *name; | |
3495 | |
3496 s->len = 0; | |
3497 | |
3498 cert = SSL_get_peer_certificate(c->ssl->connection); | |
3499 if (cert == NULL) { | |
3500 return NGX_OK; | |
3501 } | |
3502 | |
3503 name = X509_get_issuer_name(cert); | |
3504 if (name == NULL) { | |
3505 return NGX_ERROR; | |
3506 } | |
3507 | |
3508 bio = BIO_new(BIO_s_mem()); | |
3509 if (bio == NULL) { | |
3510 X509_free(cert); | |
3511 return NGX_ERROR; | |
3512 } | |
3513 | |
3514 if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) { | |
3515 goto failed; | |
3516 } | |
3517 | |
3518 s->len = BIO_pending(bio); | |
3519 s->data = ngx_pnalloc(pool, s->len); | |
3520 if (s->data == NULL) { | |
3521 goto failed; | |
3522 } | |
3523 | |
3524 BIO_read(bio, s->data, s->len); | |
3525 | |
3526 BIO_free(bio); | |
3527 X509_free(cert); | |
3528 | |
3529 return NGX_OK; | |
3530 | |
3531 failed: | |
3532 | |
3533 BIO_free(bio); | |
3534 X509_free(cert); | |
3535 | |
3536 return NGX_ERROR; | |
3537 } | |
3538 | |
3539 | |
3540 ngx_int_t | |
3541 ngx_ssl_get_subject_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool, | |
3542 ngx_str_t *s) | |
3543 { | |
3441 char *p; | 3544 char *p; |
3442 size_t len; | 3545 size_t len; |
3443 X509 *cert; | 3546 X509 *cert; |
3444 X509_NAME *name; | 3547 X509_NAME *name; |
3445 | 3548 |
3476 return NGX_OK; | 3579 return NGX_OK; |
3477 } | 3580 } |
3478 | 3581 |
3479 | 3582 |
3480 ngx_int_t | 3583 ngx_int_t |
3481 ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 3584 ngx_ssl_get_issuer_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool, |
3585 ngx_str_t *s) | |
3482 { | 3586 { |
3483 char *p; | 3587 char *p; |
3484 size_t len; | 3588 size_t len; |
3485 X509 *cert; | 3589 X509 *cert; |
3486 X509_NAME *name; | 3590 X509_NAME *name; |
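Review bot: In the new ngx_ssl_get_subject_dn() the `name == NULL` branch (new lines 3452-3455) returns NGX_ERROR without releasing `cert`, while every other exit after SSL_get_peer_certificate() calls X509_free(cert), so that path leaks a certificate reference; ngx_ssl_get_issuer_dn() has the same branch at new lines 3503-3506. The branch should run `X509_free(cert);` before `return NGX_ERROR;`, matching the `bio == NULL` branch just below it. Separately, the result of `BIO_read(bio, s->data, s->len)` is ignored, so a short or failed read would leave `s->len` describing bytes that were never written into the pool buffer; comparing the return value with `s->len` and taking the `failed:` path would close that gap. Because the RFC2253 form orders and separates the name components differently from X509_NAME_oneline(), any configuration that compares $ssl_client_s_dn or $ssl_client_i_dn against a fixed string for access decisions has to be updated or switched to the _legacy variables.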