Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6812:a7ec59df0c4d
OCSP stapling: added certificate name to warnings.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 05 Dec 2016 22:23:22 +0300 |
| parents | 56d6bfe6b609 |
| children | 379139020d36 |
comparison
equal
deleted
inserted
replaced
| 6811:5eb3309d0b9e | 6812:a7ec59df0c4d |
|---|---|
| 104 int ngx_ssl_server_conf_index; | 104 int ngx_ssl_server_conf_index; |
| 105 int ngx_ssl_session_cache_index; | 105 int ngx_ssl_session_cache_index; |
| 106 int ngx_ssl_session_ticket_keys_index; | 106 int ngx_ssl_session_ticket_keys_index; |
| 107 int ngx_ssl_certificate_index; | 107 int ngx_ssl_certificate_index; |
| 108 int ngx_ssl_next_certificate_index; | 108 int ngx_ssl_next_certificate_index; |
| 109 int ngx_ssl_certificate_name_index; | |
| 109 int ngx_ssl_stapling_index; | 110 int ngx_ssl_stapling_index; |
| 110 | 111 |
| 111 | 112 |
| 112 ngx_int_t | 113 ngx_int_t |
| 113 ngx_ssl_init(ngx_log_t *log) | 114 ngx_ssl_init(ngx_log_t *log) |
| 191 if (ngx_ssl_next_certificate_index == -1) { | 192 if (ngx_ssl_next_certificate_index == -1) { |
| 192 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | 193 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); |
| 193 return NGX_ERROR; | 194 return NGX_ERROR; |
| 194 } | 195 } |
| 195 | 196 |
| 197 ngx_ssl_certificate_name_index = X509_get_ex_new_index(0, NULL, NULL, NULL, | |
| 198 NULL); | |
| 199 | |
| 200 if (ngx_ssl_certificate_name_index == -1) { | |
| 201 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | |
| 202 return NGX_ERROR; | |
| 203 } | |
| 204 | |
| 196 ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 205 ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
| 197 | 206 |
| 198 if (ngx_ssl_stapling_index == -1) { | 207 if (ngx_ssl_stapling_index == -1) { |
| 199 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | 208 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); |
| 200 return NGX_ERROR; | 209 return NGX_ERROR; |
| 378 } | 387 } |
| 379 | 388 |
| 380 if (SSL_CTX_use_certificate(ssl->ctx, x509) == 0) { | 389 if (SSL_CTX_use_certificate(ssl->ctx, x509) == 0) { |
| 381 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 390 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
| 382 "SSL_CTX_use_certificate(\"%s\") failed", cert->data); | 391 "SSL_CTX_use_certificate(\"%s\") failed", cert->data); |
| 392 X509_free(x509); | |
| 393 BIO_free(bio); | |
| 394 return NGX_ERROR; | |
| 395 } | |
| 396 | |
| 397 if (X509_set_ex_data(x509, ngx_ssl_certificate_name_index, cert->data) | |
| 398 == 0) | |
| 399 { | |
| 400 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed"); | |
| 383 X509_free(x509); | 401 X509_free(x509); |
| 384 BIO_free(bio); | 402 BIO_free(bio); |
| 385 return NGX_ERROR; | 403 return NGX_ERROR; |
| 386 } | 404 } |
| 387 | 405 |