Mercurial > hg > nginx
comparison src/mail/ngx_mail_auth_http_module.c @ 5990:6a7c6973d6fc
Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Previously, the Auth-SSL-Verify header with the "NONE" value was always passed
to the auth_http script if verification of client certificates is disabled.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 27 Feb 2015 16:28:31 +0300 |
| parents | ec01b1d1fff1 |
| children | add12ee1d01c |
comparison
equal
deleted
inserted
replaced
| 5989:ec01b1d1fff1 | 5990:6a7c6973d6fc |
|---|---|
| 1153 ngx_str_t login, passwd; | 1153 ngx_str_t login, passwd; |
| 1154 #if (NGX_MAIL_SSL) | 1154 #if (NGX_MAIL_SSL) |
| 1155 ngx_str_t verify, subject, issuer, serial, fingerprint, | 1155 ngx_str_t verify, subject, issuer, serial, fingerprint, |
| 1156 raw_cert, cert; | 1156 raw_cert, cert; |
| 1157 ngx_connection_t *c; | 1157 ngx_connection_t *c; |
| 1158 ngx_mail_ssl_conf_t *sslcf; | |
| 1158 #endif | 1159 #endif |
| 1159 ngx_mail_core_srv_conf_t *cscf; | 1160 ngx_mail_core_srv_conf_t *cscf; |
| 1160 | 1161 |
| 1161 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { | 1162 if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) { |
| 1162 return NULL; | 1163 return NULL; |
| 1167 } | 1168 } |
| 1168 | 1169 |
| 1169 #if (NGX_MAIL_SSL) | 1170 #if (NGX_MAIL_SSL) |
| 1170 | 1171 |
| 1171 c = s->connection; | 1172 c = s->connection; |
| 1172 | 1173 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
| 1173 if (c->ssl) { | 1174 |
| 1175 if (c->ssl && sslcf->verify) { | |
| 1174 | 1176 |
| 1175 /* certificate details */ | 1177 /* certificate details */ |
| 1176 | 1178 |
| 1177 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { | 1179 if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) { |
| 1178 return NULL; | 1180 return NULL; |
| 1337 | 1339 |
| 1338 if (c->ssl) { | 1340 if (c->ssl) { |
| 1339 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, | 1341 b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF, |
| 1340 sizeof("Auth-SSL: on" CRLF) - 1); | 1342 sizeof("Auth-SSL: on" CRLF) - 1); |
| 1341 | 1343 |
| 1342 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", | 1344 if (verify.len) { |
| 1343 sizeof("Auth-SSL-Verify: ") - 1); | 1345 b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ", |
| 1344 b->last = ngx_copy(b->last, verify.data, verify.len); | 1346 sizeof("Auth-SSL-Verify: ") - 1); |
| 1345 *b->last++ = CR; *b->last++ = LF; | 1347 b->last = ngx_copy(b->last, verify.data, verify.len); |
| 1348 *b->last++ = CR; *b->last++ = LF; | |
| 1349 } | |
| 1346 | 1350 |
| 1347 if (subject.len) { | 1351 if (subject.len) { |
| 1348 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", | 1352 b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ", |
| 1349 sizeof("Auth-SSL-Subject: ") - 1); | 1353 sizeof("Auth-SSL-Subject: ") - 1); |
| 1350 b->last = ngx_copy(b->last, subject.data, subject.len); | 1354 b->last = ngx_copy(b->last, subject.data, subject.len); |