diff src/http/ngx_http_request.c @ 8411:7995cd199b52 quic

Merged with the default branch.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 26 May 2020 20:26:44 +0300
parents 5b367070cc9c 8409f9df6219
children 2bf17a829ddc
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -2127,6 +2127,7 @@ ngx_http_process_request(ngx_http_reques
     if (r->http_connection->ssl) {
         long                      rc;
         X509                     *cert;
+        const char               *s;
         ngx_http_ssl_srv_conf_t  *sscf;
 
         if (c->ssl == NULL) {
@@ -2171,6 +2172,17 @@ ngx_http_process_request(ngx_http_reques
 
                 X509_free(cert);
             }
+
+            if (ngx_ssl_ocsp_get_status(c, &s) != NGX_OK) {
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "client SSL certificate verify error: %s", s);
+
+                ngx_ssl_remove_cached_session(c->ssl->session_ctx,
+                                       (SSL_get0_session(c->ssl->connection)));
+
+                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
+                return;
+            }
         }
     }
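Review bot: `s` is declared without an initializer in the first hunk and is passed to the `%s` argument of `ngx_log_error()` whenever `ngx_ssl_ocsp_get_status(c, &s)` returns anything other than `NGX_OK`, so this block is only safe if that function assigns `*s` on every non-OK return path; its definition is not visible in this diff. I would state that contract above the call, for example `/* ngx_ssl_ocsp_get_status() sets s on every non-NGX_OK return */`, or assign a default reason string to `s` just before the call so the log line never reads an indeterminate pointer. The message also uses the generic prefix "client SSL certificate verify error", so an OCSP-based rejection may be hard to tell apart from a chain verification failure when triaging logs; naming OCSP in the text would help, presumably without disturbing the other messages, which lie outside the hunk. The body of ngx_http_process_request begins and ends outside both hunks.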