Mercurial > hg > nginx

changeset 4877:f2e450929c1f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
OCSP stapling: log error data in ngx_ssl_error(). It's hard to debug OCSP_basic_verify() failures without the actual error string it records in the error data field.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 01 Oct 2012 12:50:36 +0000
parents 1a008f968f6d
children 695cc88ad649
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 17 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1590,10 +1590,12 @@ ngx_ssl_clear_error(ngx_log_t *log)
 void ngx_cdecl
 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
 {
-    u_long    n;
-    va_list   args;
-    u_char   *p, *last;
-    u_char    errstr[NGX_MAX_CONF_ERRSTR];
+    int          flags;
+    u_long       n;
+    va_list      args;
+    u_char      *p, *last;
+    u_char       errstr[NGX_MAX_CONF_ERRSTR];
+    const char  *data;
 
     last = errstr + NGX_MAX_CONF_ERRSTR;
 
@@ -1605,14 +1607,14 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
 
     for ( ;; ) {
 
-        n = ERR_get_error();
+        n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
 
         if (n == 0) {
             break;
         }
 
         if (p >= last) {
-            continue;
+            goto next;
         }
 
         *p++ = ' ';
@@ -1622,6 +1624,15 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
         while (p < last && *p) {
             p++;
         }
+
+        if (p < last && *data && (flags & ERR_TXT_STRING)) {
+            *p++ = ':';
+            p = ngx_cpystrn(p, (u_char *) data, last - p);
+        }
+
+    next:
+
+        (void) ERR_get_error();
     }
 
     ngx_log_error(level, log, err, "%s)", errstr);