Mercurial > hg > nginx
comparison src/event/ngx_event_openssl_stapling.c @ 5215:cfab1e7e4ac2
OCSP stapling: fix error logging of successful OCSP responses.
Due to a bad argument list, nginx worker would crash (SIGSEGV) while
trying to log the fact that it received OCSP response with "revoked"
or "unknown" certificate status.
While there, fix similar (but non-crashing) error a few lines above.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Thu, 16 May 2013 15:37:13 -0700 |
parents | 0254c1a43fe5 |
children | a855ae7e6377 |
comparison
equal
deleted
inserted
replaced
5214:2220de0521ca | 5215:cfab1e7e4ac2 |
---|---|
609 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL, | 609 if (OCSP_resp_find_status(basic, id, &n, NULL, NULL, |
610 &thisupdate, &nextupdate) | 610 &thisupdate, &nextupdate) |
611 != 1) | 611 != 1) |
612 { | 612 { |
613 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, | 613 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, |
614 "certificate status not found in the OCSP response", | 614 "certificate status not found in the OCSP response"); |
615 n, OCSP_response_status_str(n)); | |
616 goto error; | 615 goto error; |
617 } | 616 } |
618 | 617 |
619 if (n != V_OCSP_CERTSTATUS_GOOD) { | 618 if (n != V_OCSP_CERTSTATUS_GOOD) { |
620 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, | 619 ngx_log_error(NGX_LOG_ERR, ctx->log, 0, |
621 "certificate status \"%s\" in the OCSP response", | 620 "certificate status \"%s\" in the OCSP response", |
622 n, OCSP_cert_status_str(n)); | 621 OCSP_cert_status_str(n)); |
623 goto error; | 622 goto error; |
624 } | 623 } |
625 | 624 |
626 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) { | 625 if (OCSP_check_validity(thisupdate, nextupdate, 300, -1) != 1) { |
627 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0, | 626 ngx_ssl_error(NGX_LOG_ERR, ctx->log, 0, |