comparison src/event/ngx_event_openssl.c @ 7091:82f0b8dcca27
SSL: the $ssl_client_escaped_cert variable (ticket #857).
This variable contains URL-encoded client SSL certificate. In contrast
to $ssl_client_cert, it doesn't depend on deprecated header continuation.
The NGX_ESCAPE_URI_COMPONENT variant of encoding is used, so the resulting
variable can be safely used not only in headers, but also as a request
argument.
The $ssl_client_cert variable should be considered deprecated now.
The $ssl_client_raw_cert variable will be eventually renamed back
to $ssl_client_cert.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 22 Aug 2017 15:18:10 +0300 |
parents | 47b7ffc3339d |
children | 2e8de3d81783 |
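--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3661,10 +3661,40 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ngx_str_t *s)
+{
+ngx_str_t cert;
+uintptr_t n;
+
+if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
+return NGX_ERROR;
+}
+
+if (cert.len == 0) {
+s->len = 0;
+return NGX_OK;
+}
+
+n = ngx_escape_uri(NULL, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+s->len = cert.len + n * 2;
+s->data = ngx_pnalloc(pool, s->len);
+if (s->data == NULL) {
+return NGX_ERROR;
+}
+
+ngx_escape_uri(s->data, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 BIO *bio;
 X509 *cert;
 X509_NAME *name;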
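Review bot: In `ngx_ssl_get_escaped_certificate`, the `cert.len == 0` branch writes only `s->len`, so `s->data` keeps whatever the caller's `ngx_str_t` held; a caller that copies both fields before testing the length would carry an indeterminate pointer. Resetting both with `ngx_str_null(s);` in that branch makes the empty result explicit. The function also has no header comment; I would add `/* URL-escaped (NGX_ESCAPE_URI_COMPONENT) client certificate; pool-allocated, exactly s->len bytes, not null-terminated */`. Nothing visible in this function consults the verification result, so a configuration that forwards this value presumably has to forward the verification status alongside it, which is worth stating where the variable is documented.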