Mercurial > hg > nginx

comparison src/event/ngx_event_openssl_stapling.c @ 5215:cfab1e7e4ac2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
OCSP stapling: fix error logging of successful OCSP responses. Due to a bad argument list, nginx worker would crash (SIGSEGV) while trying to log the fact that it received OCSP response with "revoked" or "unknown" certificate status. While there, fix similar (but non-crashing) error a few lines above. Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author Piotr Sikora <piotr@cloudflare.com>
date Thu, 16 May 2013 15:37:13 -0700
parents 0254c1a43fe5
children a855ae7e6377
comparison
equal deleted inserted replaced
5214:2220de0521ca 5215:cfab1e7e4ac2
609 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL, 609 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL,
610 &thisupdate, &nextupdate) 610 &thisupdate, &nextupdate)
611 != 1) 611 != 1)
612 { 612 {
613 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, 613 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
614 "certificate status not found in the OCSP response", 614 "certificate status not found in the OCSP response");
615 n, OCSP_response_status_str(n));
616 goto error; 615 goto error;
617 } 616 }
618 617
619 if (n != V_OCSP_CERTSTATUS_GOOD) { 618 if (n != V_OCSP_CERTSTATUS_GOOD) {
620 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, 619 ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
621 "certificate status \"%s\" in the OCSP response", 620 "certificate status \"%s\" in the OCSP response",
622 n, OCSP_cert_status_str(n)); 621 OCSP_cert_status_str(n));
623 goto error; 622 goto error;
624 } 623 }
625 624
626 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) { 625 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) {
627 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0, 626 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0,