Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5531:97e3769637a7
SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.
Thanks to Ivan Ristić.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 22 Jan 2014 16:05:06 +0400 |
| parents | a297b7ad6f94 |
| children | 49b1ad48b55c |
comparison
equal
deleted
inserted
replaced
| 5530:827e53c136b0 | 5531:97e3769637a7 |
|---|---|
| 2502 | 2502 |
| 2503 ngx_int_t | 2503 ngx_int_t |
| 2504 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2504 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
| 2505 { | 2505 { |
| 2506 int len; | 2506 int len; |
| 2507 u_char *p, *buf; | 2507 u_char *buf; |
| 2508 SSL_SESSION *sess; | 2508 SSL_SESSION *sess; |
| 2509 | 2509 |
| 2510 sess = SSL_get0_session(c->ssl->connection); | 2510 sess = SSL_get0_session(c->ssl->connection); |
| 2511 | 2511 |
| 2512 len = i2d_SSL_SESSION(sess, NULL); | 2512 buf = sess->session_id; |
| 2513 | 2513 len = sess->session_id_length; |
| 2514 buf = ngx_alloc(len, c->log); | |
| 2515 if (buf == NULL) { | |
| 2516 return NGX_ERROR; | |
| 2517 } | |
| 2518 | 2514 |
| 2519 s->len = 2 * len; | 2515 s->len = 2 * len; |
| 2520 s->data = ngx_pnalloc(pool, 2 * len); | 2516 s->data = ngx_pnalloc(pool, 2 * len); |
| 2521 if (s->data == NULL) { | 2517 if (s->data == NULL) { |
| 2522 ngx_free(buf); | 2518 return NGX_ERROR; |
| 2523 return NGX_ERROR; | 2519 } |
| 2524 } | |
| 2525 | |
| 2526 p = buf; | |
| 2527 i2d_SSL_SESSION(sess, &p); | |
| 2528 | 2520 |
| 2529 ngx_hex_dump(s->data, buf, len); | 2521 ngx_hex_dump(s->data, buf, len); |
| 2530 | |
| 2531 ngx_free(buf); | |
| 2532 | 2522 |
| 2533 return NGX_OK; | 2523 return NGX_OK; |
| 2534 } | 2524 } |
| 2535 | 2525 |
| 2536 | 2526 |