Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6812:a7ec59df0c4d
OCSP stapling: added certificate name to warnings.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:22 +0300 |
parents | 56d6bfe6b609 |
children | 379139020d36 |
comparison
equal
deleted
inserted
replaced
6811:5eb3309d0b9e | 6812:a7ec59df0c4d |
---|---|
104 int ngx_ssl_server_conf_index; | 104 int ngx_ssl_server_conf_index; |
105 int ngx_ssl_session_cache_index; | 105 int ngx_ssl_session_cache_index; |
106 int ngx_ssl_session_ticket_keys_index; | 106 int ngx_ssl_session_ticket_keys_index; |
107 int ngx_ssl_certificate_index; | 107 int ngx_ssl_certificate_index; |
108 int ngx_ssl_next_certificate_index; | 108 int ngx_ssl_next_certificate_index; |
109 int ngx_ssl_certificate_name_index; | |
109 int ngx_ssl_stapling_index; | 110 int ngx_ssl_stapling_index; |
110 | 111 |
111 | 112 |
112 ngx_int_t | 113 ngx_int_t |
113 ngx_ssl_init(ngx_log_t *log) | 114 ngx_ssl_init(ngx_log_t *log) |
191 if (ngx_ssl_next_certificate_index == -1) { | 192 if (ngx_ssl_next_certificate_index == -1) { |
192 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | 193 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); |
193 return NGX_ERROR; | 194 return NGX_ERROR; |
194 } | 195 } |
195 | 196 |
197 ngx_ssl_certificate_name_index = X509_get_ex_new_index(0, NULL, NULL, NULL, | |
198 NULL); | |
199 | |
200 if (ngx_ssl_certificate_name_index == -1) { | |
201 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | |
202 return NGX_ERROR; | |
203 } | |
204 | |
196 ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 205 ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
197 | 206 |
198 if (ngx_ssl_stapling_index == -1) { | 207 if (ngx_ssl_stapling_index == -1) { |
199 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); | 208 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed"); |
200 return NGX_ERROR; | 209 return NGX_ERROR; |
378 } | 387 } |
379 | 388 |
380 if (SSL_CTX_use_certificate(ssl->ctx, x509) == 0) { | 389 if (SSL_CTX_use_certificate(ssl->ctx, x509) == 0) { |
381 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 390 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
382 "SSL_CTX_use_certificate(\"%s\") failed", cert->data); | 391 "SSL_CTX_use_certificate(\"%s\") failed", cert->data); |
392 X509_free(x509); | |
393 BIO_free(bio); | |
394 return NGX_ERROR; | |
395 } | |
396 | |
397 if (X509_set_ex_data(x509, ngx_ssl_certificate_name_index, cert->data) | |
398 == 0) | |
399 { | |
400 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed"); | |
383 X509_free(x509); | 401 X509_free(x509); |
384 BIO_free(bio); | 402 BIO_free(bio); |
385 return NGX_ERROR; | 403 return NGX_ERROR; |
386 } | 404 } |
387 | 405 |