Mercurial > hg > nginx

diff src/http/ngx_http_request.c @ 2994:f33c48457d0c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
*) $ssl_client_verify *) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
author Igor Sysoev <igor@sysoev.ru>
date Wed, 22 Jul 2009 17:41:42 +0000
parents f592d466bbda
children 66ef86affbb8
line wrap: on
line diff
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1524,7 +1524,7 @@ ngx_http_process_request(ngx_http_reques
 
         sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
 
-        if (sscf->verify == 1) {
+        if (sscf->verify) {
             rc = SSL_get_verify_result(c->ssl->connection);
 
             if (rc != X509_V_OK) {
@@ -1539,20 +1539,22 @@ ngx_http_process_request(ngx_http_reques
                 return;
             }
 
-            cert = SSL_get_peer_certificate(c->ssl->connection);
-
-            if (cert == NULL) {
-                ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                              "client sent no required SSL certificate");
-
-                ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+            if (sscf->verify == 1) {
+                cert = SSL_get_peer_certificate(c->ssl->connection);
+
+                if (cert == NULL) {
+                    ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                                  "client sent no required SSL certificate");
+
+                    ngx_ssl_remove_cached_session(sscf->ssl.ctx,
                                        (SSL_get0_session(c->ssl->connection)));
 
-                ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
-                return;
+                    ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
+                    return;
+                }
+
+                X509_free(cert);
             }
-
-            X509_free(cert);
         }
     }