nginx: src/event/ngx_event_openssl

comparison src/event/ngx_event_openssl_stapling.c @ 6813:94586180fb41

OCSP stapling: improved error logging context. It now logs the IP address of the responder used (if it's already known), as well as the certificate name.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 05 Dec 2016 22:23:22 +0300
parents	a7ec59df0c4d
children	e7cb5deb951d

comparison

equal deleted inserted replaced

-:a7ec59df0c4d
+:94586180fb41
 typedef struct ngx_ssl_ocsp_ctx_s  ngx_ssl_ocsp_ctx_t;
 struct ngx_ssl_ocsp_ctx_s {
 X509                        *cert;
 X509                        *issuer;
+u_char                      *name;
 ngx_uint_t                   naddrs;
 ngx_addr_t                  *addrs;
 ngx_str_t                    host;
 return;
 }
 ctx->cert = staple->cert;
 ctx->issuer = staple->issuer;
+ctx->name = staple->name;
 ctx->addrs = staple->addrs;
 ctx->host = staple->host;
 ctx->uri = staple->uri;
 ctx->port = staple->port;
 p = buf;
 if (log->action) {
 p = ngx_snprintf(buf, len, " while %s", log->action);
 len -= p - buf;
+buf = p;
 }
 ctx = log->data;
 if (ctx) {
-p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
+p = ngx_snprintf(buf, len, ", responder: %V", &ctx->host);
+len -= p - buf;
+buf = p;
+}
+if (ctx && ctx->peer.name) {
+p = ngx_snprintf(buf, len, ", peer: %V", ctx->peer.name);
+len -= p - buf;
+buf = p;
+}
+if (ctx && ctx->name) {
+p = ngx_snprintf(buf, len, ", certificate: \"%s\"", ctx->name);
+len -= p - buf;
+buf = p;
 }
 return p;
 }

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl_stapling.c @ 6813:94586180fb41