Mercurial > hg > nginx

diff src/http/modules/ngx_http_ssl_module.c @ 2123:9697407e9ecb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
*) ssl_verify_client ask *) test ssl_client_certificate for ssl_verify_client *) $ssl_client_cert adds TAB before each line except first one *) $ssl_client_raw_cert contains certificate as is
author Igor Sysoev <igor@sysoev.ru>
date Tue, 29 Jul 2008 14:29:02 +0000
parents 2b11822b12d6
children e0b424b98f24
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -49,6 +49,14 @@ static ngx_conf_bitmask_t  ngx_http_ssl_
 };
 
 
+static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
+    { ngx_string("off"), 0 },
+    { ngx_string("on"), 1 },
+    { ngx_string("ask"), 2 },
+    { ngx_null_string, 0 }
+};
+
+
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
     { ngx_string("ssl"),
@@ -95,10 +103,10 @@ static ngx_command_t  ngx_http_ssl_comma
 
     { ngx_string("ssl_verify_client"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
-      ngx_conf_set_flag_slot,
+      ngx_conf_set_enum_slot,
       NGX_HTTP_SRV_CONF_OFFSET,
       offsetof(ngx_http_ssl_srv_conf_t, verify),
-      NULL },
+      &ngx_http_ssl_verify },
 
     { ngx_string("ssl_verify_depth"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
@@ -185,6 +193,10 @@ static ngx_http_variable_t  ngx_http_ssl
     { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
       (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
+    { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_raw_certificate,
+      NGX_HTTP_VAR_CHANGEABLE, 0 },
+
     { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
       (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
@@ -307,9 +319,9 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t 
      */
 
     sscf->enable = NGX_CONF_UNSET;
+    sscf->prefer_server_ciphers = NGX_CONF_UNSET;
     sscf->verify = NGX_CONF_UNSET;
     sscf->verify_depth = NGX_CONF_UNSET;
-    sscf->prefer_server_ciphers = NGX_CONF_UNSET;
     sscf->builtin_session_cache = NGX_CONF_UNSET;
     sscf->session_timeout = NGX_CONF_UNSET;
 
@@ -341,8 +353,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
                          (NGX_CONF_BITMASK_SET
                           |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
-    ngx_conf_merge_value(conf->verify, prev->verify, 0);
-    ngx_conf_merge_value(conf->verify_depth, prev->verify_depth, 1);
+    ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
+    ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate,
                          NGX_DEFLAUT_CERTIFICATE);
@@ -402,6 +414,13 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
     }
 
     if (conf->verify) {
+
+        if (conf->client_certificate.len == 0) {
+            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                          "no ssl_client_certificate for ssl_client_verify");
+            return NGX_CONF_ERROR;
+        }
+
         if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                        &conf->client_certificate,
                                        conf->verify_depth)