comparison src/event/ngx_event_openssl.c @ 2995:cc07d164f0dc
ssl_crl
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 23 Jul 2009 12:21:26 +0000 |
parents | f33c48457d0c |
children | d6285ff81d35 |
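--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -260,10 +260,55 @@
 */
 
 ERR_clear_error();
 
 SSL_CTX_set_client_CA_list(ssl->ctx, list);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl)
+{
+X509_STORE *store;
+X509_LOOKUP *lookup;
+
+if (crl->len == 0) {
+return NGX_OK;
+}
+
+if (ngx_conf_full_name(cf->cycle, crl, 1) != NGX_OK) {
+return NGX_ERROR;
+}
+
+store = SSL_CTX_get_cert_store(ssl->ctx);
+
+if (store == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CTX_get_cert_store() failed");
+return NGX_ERROR;
+}
+
+lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+
+if (lookup == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"X509_STORE_add_lookup() failed");
+return NGX_ERROR;
+}
+
+if (X509_LOOKUP_load_file(lookup, (char *) crl->data, X509_FILETYPE_PEM)
+== 0)
+{
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"X509_LOOKUP_load_file(\"%s\") failed", crl->data);
+return NGX_ERROR;
+}
+
+X509_STORE_set_flags(store,
+X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
 
 return NGX_OK;
 }
 
 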
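Review bot: In ngx_ssl_crl() the `X509_LOOKUP_load_file(..., X509_FILETYPE_PEM) == 0` check only shows that some PEM object was read, not that the file held a CRL; as far as I know OpenSSL's PEM file lookup also adds any certificates found in that file to the store, which here is the context's verification store, so a certificate left in the CRL file would end up trusted. Because `X509_V_FLAG_CRL_CHECK_ALL` is set, a client chain is rejected unless the file carries a CRL for every issuer in it, and the file is read only when the configuration is loaded, so revocations published later are not seen until a reload. I would state that contract above the function, e.g. `/* crl: PEM file of CRLs only, one per CA in the client chain; read at configuration time */`. The result of `X509_STORE_set_flags()` is also ignored; if it can fail, CRL checking would be silently off, so `if (X509_STORE_set_flags(store, ...) == 0) { ngx_ssl_error(...); return NGX_ERROR; }` would keep that failure visible.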