Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5566:70f4d99ded41 stable-1.4
SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.
Thanks to Ivan Ristić.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 22 Jan 2014 16:05:06 +0400 |
| parents | 35b00bcf72fe |
| children | 5a38f9609d85 |
comparison
equal
deleted
inserted
replaced
| 5565:b8e6297358b5 | 5566:70f4d99ded41 |
|---|---|
| 2227 | 2227 |
| 2228 ngx_int_t | 2228 ngx_int_t |
| 2229 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2229 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
| 2230 { | 2230 { |
| 2231 int len; | 2231 int len; |
| 2232 u_char *p, *buf; | 2232 u_char *buf; |
| 2233 SSL_SESSION *sess; | 2233 SSL_SESSION *sess; |
| 2234 | 2234 |
| 2235 sess = SSL_get0_session(c->ssl->connection); | 2235 sess = SSL_get0_session(c->ssl->connection); |
| 2236 | 2236 |
| 2237 len = i2d_SSL_SESSION(sess, NULL); | 2237 buf = sess->session_id; |
| 2238 | 2238 len = sess->session_id_length; |
| 2239 buf = ngx_alloc(len, c->log); | |
| 2240 if (buf == NULL) { | |
| 2241 return NGX_ERROR; | |
| 2242 } | |
| 2243 | 2239 |
| 2244 s->len = 2 * len; | 2240 s->len = 2 * len; |
| 2245 s->data = ngx_pnalloc(pool, 2 * len); | 2241 s->data = ngx_pnalloc(pool, 2 * len); |
| 2246 if (s->data == NULL) { | 2242 if (s->data == NULL) { |
| 2247 ngx_free(buf); | 2243 return NGX_ERROR; |
| 2248 return NGX_ERROR; | 2244 } |
| 2249 } | |
| 2250 | |
| 2251 p = buf; | |
| 2252 i2d_SSL_SESSION(sess, &p); | |
| 2253 | 2245 |
| 2254 ngx_hex_dump(s->data, buf, len); | 2246 ngx_hex_dump(s->data, buf, len); |
| 2255 | |
| 2256 ngx_free(buf); | |
| 2257 | 2247 |
| 2258 return NGX_OK; | 2248 return NGX_OK; |
| 2259 } | 2249 } |
| 2260 | 2250 |
| 2261 | 2251 |