Mercurial > hg > nginx
comparison src/event/ngx_event_openssl_stapling.c @ 6688:6acbe9964ceb
OCSP stapling: fixed using wrong responder with multiple certs.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 12 Sep 2016 20:11:06 +0300 |
parents | b3b7e33083ac |
children | 64f5bfba5d96 |
comparison
equal
deleted
inserted
replaced
6687:dfa626cdde6b | 6688:6acbe9964ceb |
---|---|
374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, | 374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, |
375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) | 375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) |
376 { | 376 { |
377 ngx_url_t u; | 377 ngx_url_t u; |
378 char *s; | 378 char *s; |
379 ngx_str_t rsp; | |
379 STACK_OF(OPENSSL_STRING) *aia; | 380 STACK_OF(OPENSSL_STRING) *aia; |
380 | 381 |
381 if (responder->len == 0) { | 382 if (responder->len == 0) { |
382 | 383 |
383 /* extract OCSP responder URL from certificate */ | 384 /* extract OCSP responder URL from certificate */ |
400 "\"ssl_stapling\" ignored, " | 401 "\"ssl_stapling\" ignored, " |
401 "no OCSP responder URL in the certificate"); | 402 "no OCSP responder URL in the certificate"); |
402 X509_email_free(aia); | 403 X509_email_free(aia); |
403 return NGX_DECLINED; | 404 return NGX_DECLINED; |
404 } | 405 } |
406 | |
407 responder = &rsp; | |
405 | 408 |
406 responder->len = ngx_strlen(s); | 409 responder->len = ngx_strlen(s); |
407 responder->data = ngx_palloc(cf->pool, responder->len); | 410 responder->data = ngx_palloc(cf->pool, responder->len); |
408 if (responder->data == NULL) { | 411 if (responder->data == NULL) { |
409 X509_email_free(aia); | 412 X509_email_free(aia); |