nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 7091:82f0b8dcca27

SSL: the $ssl_client_escaped_cert variable (ticket #857). This variable contains URL-encoded client SSL certificate. In contrast to $ssl_client_cert, it doesn't depend on deprecated header continuation. The NGX_ESCAPE_URI_COMPONENT variant of encoding is used, so the resulting variable can be safely used not only in headers, but also as a request argument. The $ssl_client_cert variable should be considered deprecated now. The $ssl_client_raw_cert variable will be eventually renambed back to $ssl_client_cert.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 22 Aug 2017 15:18:10 +0300
parents	47b7ffc3339d
children	2e8de3d81783

comparison

equal deleted inserted replaced

-:a2f5e25d6a28
+:82f0b8dcca27
 return NGX_OK;
 }
 ngx_int_t
+ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ngx_str_t *s)
+{
+ngx_str_t  cert;
+uintptr_t  n;
+if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
+return NGX_ERROR;
+}
+if (cert.len == 0) {
+s->len = 0;
+return NGX_OK;
+}
+n = ngx_escape_uri(NULL, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+s->len = cert.len + n * 2;
+s->data = ngx_pnalloc(pool, s->len);
+if (s->data == NULL) {
+return NGX_ERROR;
+}
+ngx_escape_uri(s->data, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+return NGX_OK;
+}
+ngx_int_t
 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 BIO        *bio;
 X509       *cert;
 X509_NAME  *name;

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 7091:82f0b8dcca27