Mercurial > hg > nginx
comparison src/event/ngx_event_openssl_stapling.c @ 6688:6acbe9964ceb
OCSP stapling: fixed using wrong responder with multiple certs.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 12 Sep 2016 20:11:06 +0300 |
| parents | b3b7e33083ac |
| children | 64f5bfba5d96 |
comparison
equal
deleted
inserted
replaced
| 6687:dfa626cdde6b | 6688:6acbe9964ceb |
|---|---|
| 374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, | 374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, |
| 375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) | 375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) |
| 376 { | 376 { |
| 377 ngx_url_t u; | 377 ngx_url_t u; |
| 378 char *s; | 378 char *s; |
| 379 ngx_str_t rsp; | |
| 379 STACK_OF(OPENSSL_STRING) *aia; | 380 STACK_OF(OPENSSL_STRING) *aia; |
| 380 | 381 |
| 381 if (responder->len == 0) { | 382 if (responder->len == 0) { |
| 382 | 383 |
| 383 /* extract OCSP responder URL from certificate */ | 384 /* extract OCSP responder URL from certificate */ |
| 400 "\"ssl_stapling\" ignored, " | 401 "\"ssl_stapling\" ignored, " |
| 401 "no OCSP responder URL in the certificate"); | 402 "no OCSP responder URL in the certificate"); |
| 402 X509_email_free(aia); | 403 X509_email_free(aia); |
| 403 return NGX_DECLINED; | 404 return NGX_DECLINED; |
| 404 } | 405 } |
| 406 | |
| 407 responder = &rsp; | |
| 405 | 408 |
| 406 responder->len = ngx_strlen(s); | 409 responder->len = ngx_strlen(s); |
| 407 responder->data = ngx_palloc(cf->pool, responder->len); | 410 responder->data = ngx_palloc(cf->pool, responder->len); |
| 408 if (responder->data == NULL) { | 411 if (responder->data == NULL) { |
| 409 X509_email_free(aia); | 412 X509_email_free(aia); |