Mercurial > hg > nginx

changeset 6813:94586180fb41

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
OCSP stapling: improved error logging context. It now logs the IP address of the responder used (if it's already known), as well as the certificate name.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 05 Dec 2016 22:23:22 +0300
parents a7ec59df0c4d
children 379139020d36
files src/event/ngx_event_openssl_stapling.c
diffstat 1 files changed, 19 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -47,6 +47,8 @@ struct ngx_ssl_ocsp_ctx_s {
     X509                        *cert;
     X509                        *issuer;
 
+    u_char                      *name;
+
     ngx_uint_t                   naddrs;
 
     ngx_addr_t                  *addrs;
@@ -559,6 +561,7 @@ ngx_ssl_stapling_update(ngx_ssl_stapling
 
     ctx->cert = staple->cert;
     ctx->issuer = staple->issuer;
+    ctx->name = staple->name;
 
     ctx->addrs = staple->addrs;
     ctx->host = staple->host;
@@ -1837,12 +1840,27 @@ ngx_ssl_ocsp_log_error(ngx_log_t *log, u
     if (log->action) {
         p = ngx_snprintf(buf, len, " while %s", log->action);
         len -= p - buf;
+        buf = p;
     }
 
     ctx = log->data;
 
     if (ctx) {
-        p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
+        p = ngx_snprintf(buf, len, ", responder: %V", &ctx->host);
+        len -= p - buf;
+        buf = p;
+    }
+
+    if (ctx && ctx->peer.name) {
+        p = ngx_snprintf(buf, len, ", peer: %V", ctx->peer.name);
+        len -= p - buf;
+        buf = p;
+    }
+
+    if (ctx && ctx->name) {
+        p = ngx_snprintf(buf, len, ", certificate: \"%s\"", ctx->name);
+        len -= p - buf;
+        buf = p;
     }
 
     return p;