Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5531:97e3769637a7
SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.
Thanks to Ivan Ristić.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 22 Jan 2014 16:05:06 +0400 |
parents | a297b7ad6f94 |
children | 49b1ad48b55c |
comparison
equal
deleted
inserted
replaced
5530:827e53c136b0 | 5531:97e3769637a7 |
---|---|
2502 | 2502 |
2503 ngx_int_t | 2503 ngx_int_t |
2504 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2504 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
2505 { | 2505 { |
2506 int len; | 2506 int len; |
2507 u_char *p, *buf; | 2507 u_char *buf; |
2508 SSL_SESSION *sess; | 2508 SSL_SESSION *sess; |
2509 | 2509 |
2510 sess = SSL_get0_session(c->ssl->connection); | 2510 sess = SSL_get0_session(c->ssl->connection); |
2511 | 2511 |
2512 len = i2d_SSL_SESSION(sess, NULL); | 2512 buf = sess->session_id; |
2513 | 2513 len = sess->session_id_length; |
2514 buf = ngx_alloc(len, c->log); | |
2515 if (buf == NULL) { | |
2516 return NGX_ERROR; | |
2517 } | |
2518 | 2514 |
2519 s->len = 2 * len; | 2515 s->len = 2 * len; |
2520 s->data = ngx_pnalloc(pool, 2 * len); | 2516 s->data = ngx_pnalloc(pool, 2 * len); |
2521 if (s->data == NULL) { | 2517 if (s->data == NULL) { |
2522 ngx_free(buf); | 2518 return NGX_ERROR; |
2523 return NGX_ERROR; | 2519 } |
2524 } | |
2525 | |
2526 p = buf; | |
2527 i2d_SSL_SESSION(sess, &p); | |
2528 | 2520 |
2529 ngx_hex_dump(s->data, buf, len); | 2521 ngx_hex_dump(s->data, buf, len); |
2530 | |
2531 ngx_free(buf); | |
2532 | 2522 |
2533 return NGX_OK; | 2523 return NGX_OK; |
2534 } | 2524 } |
2535 | 2525 |
2536 | 2526 |