Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 2995:cc07d164f0dc
ssl_crl
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Thu, 23 Jul 2009 12:21:26 +0000 |
| parents | f33c48457d0c |
| children | d6285ff81d35 |
comparison
equal
deleted
inserted
replaced
| 2994:f33c48457d0c | 2995:cc07d164f0dc |
|---|---|
| 260 */ | 260 */ |
| 261 | 261 |
| 262 ERR_clear_error(); | 262 ERR_clear_error(); |
| 263 | 263 |
| 264 SSL_CTX_set_client_CA_list(ssl->ctx, list); | 264 SSL_CTX_set_client_CA_list(ssl->ctx, list); |
| 265 | |
| 266 return NGX_OK; | |
| 267 } | |
| 268 | |
| 269 | |
| 270 ngx_int_t | |
| 271 ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl) | |
| 272 { | |
| 273 X509_STORE *store; | |
| 274 X509_LOOKUP *lookup; | |
| 275 | |
| 276 if (crl->len == 0) { | |
| 277 return NGX_OK; | |
| 278 } | |
| 279 | |
| 280 if (ngx_conf_full_name(cf->cycle, crl, 1) != NGX_OK) { | |
| 281 return NGX_ERROR; | |
| 282 } | |
| 283 | |
| 284 store = SSL_CTX_get_cert_store(ssl->ctx); | |
| 285 | |
| 286 if (store == NULL) { | |
| 287 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 288 "SSL_CTX_get_cert_store() failed"); | |
| 289 return NGX_ERROR; | |
| 290 } | |
| 291 | |
| 292 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); | |
| 293 | |
| 294 if (lookup == NULL) { | |
| 295 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 296 "X509_STORE_add_lookup() failed"); | |
| 297 return NGX_ERROR; | |
| 298 } | |
| 299 | |
| 300 if (X509_LOOKUP_load_file(lookup, (char *) crl->data, X509_FILETYPE_PEM) | |
| 301 == 0) | |
| 302 { | |
| 303 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 304 "X509_LOOKUP_load_file(\"%s\") failed", crl->data); | |
| 305 return NGX_ERROR; | |
| 306 } | |
| 307 | |
| 308 X509_STORE_set_flags(store, | |
| 309 X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); | |
| 265 | 310 |
| 266 return NGX_OK; | 311 return NGX_OK; |
| 267 } | 312 } |
| 268 | 313 |
| 269 | 314 |