QUIC: client certificate validation with OCSP.

author: Sergey Kandaurov <pluknet@nginx.com> 2021-08-04 15:49:18 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2021-08-04 15:49:18 +0300
commit: 0b179efeb0bc18e92a31748685cc74240ddb5667 (patch)
tree: e06cf33cf3f6303a5bcdd08c450c1c73b94e76dd /src/event/quic/ngx_event_quic_ssl.c
parent: e1ad576f960ab2b455b4d12869f69cb648feba42 (diff)
download: nginx-0b179efeb0bc18e92a31748685cc74240ddb5667.tar.gz
nginx-0b179efeb0bc18e92a31748685cc74240ddb5667.tar.bz2
1 files changed, 14 insertions, 0 deletions
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 5e2827f23..9083ad1e3 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -361,6 +361,7 @@ static ngx_int_t
 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 {
     int                     n, sslerr;
+    ngx_int_t               rc;
     ngx_buf_t              *b;
     ngx_chain_t            *cl;
     ngx_ssl_conn_t         *ssl_conn;
@@ -462,6 +463,19 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
         return NGX_ERROR;
     }
 
+    rc = ngx_ssl_ocsp_validate(c);
+
+    if (rc == NGX_ERROR) {
+        return NGX_ERROR;
+    }
+
+    if (rc == NGX_AGAIN) {
+        c->ssl->handler = ngx_quic_init_streams;
+        return NGX_OK;
+    }
+
+    ngx_quic_init_streams(c);
+
     return NGX_OK;
 }
author	Sergey Kandaurov <pluknet@nginx.com>	2021-08-04 15:49:18 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2021-08-04 15:49:18 +0300
commit	0b179efeb0bc18e92a31748685cc74240ddb5667 (patch)
tree	e06cf33cf3f6303a5bcdd08c450c1c73b94e76dd /src/event/quic/ngx_event_quic_ssl.c
parent	e1ad576f960ab2b455b4d12869f69cb648feba42 (diff)
download	nginx-0b179efeb0bc18e92a31748685cc74240ddb5667.tar.gz nginx-0b179efeb0bc18e92a31748685cc74240ddb5667.tar.bz2