authorMaxim Dounin <mdounin@mdounin.ru>2017-08-22 15:18:10 +0300
committerMaxim Dounin <mdounin@mdounin.ru>2017-08-22 15:18:10 +0300
commit50a0f25c60bcc0fb46efcab00985c200c08c2b2f (patch)
tree5ccbff269a05fbc723224fde3c5f98e1114b9050 /src/event
parent008e9caa2a5b784d337422f1dc4290edfb9cc640 (diff)
SSL: the $ssl_client_escaped_cert variable (ticket #857).
This variable contains the URL-encoded client SSL certificate. In contrast to $ssl_client_cert, it doesn't depend on deprecated header continuation. The NGX_ESCAPE_URI_COMPONENT variant of encoding is used, so the resulting variable can be safely used not only in headers, but also as a request argument. The $ssl_client_cert variable should be considered deprecated now. The $ssl_client_raw_cert variable will eventually be renamed back to $ssl_client_cert.
Diffstat (limited to 'src/event')
-rw-r--r--src/event/ngx_event_openssl.c30
-rw-r--r--src/event/ngx_event_openssl.h2
2 files changed, 32 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index d67394bf5..4b74cb3f2 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3663,6 +3663,36 @@ ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
ngx_int_t
+ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s)
+{
+ ngx_str_t cert;
+ uintptr_t n;
+
+ if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (cert.len == 0) {
+ s->len = 0;
+ return NGX_OK;
+ }
+
+ n = ngx_escape_uri(NULL, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+ s->len = cert.len + n * 2;
+ s->data = ngx_pnalloc(pool, s->len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_escape_uri(s->data, cert.data, cert.len, NGX_ESCAPE_URI_COMPONENT);
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
BIO *bio;
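Review bot: On the `cert.len == 0` path of ngx_ssl_get_escaped_certificate only `s->len` is assigned, so `s->data` keeps whatever value the caller's ngx_str_t held; a caller that forwards `s->data` without testing the length first would use an unset pointer. Either add `s->data = NULL;` before that `return NGX_OK;` or state the contract in a comment above the function, e.g. `/* on NGX_OK with s->len == 0 the raw certificate was empty and s->data is not set; otherwise s->data is pool-allocated and not NUL-terminated */`. The sizing line `s->len = cert.len + n * 2;` also deserves a why-comment such as `/* ngx_escape_uri(NULL, ...) returns the number of characters to escape; each one grows from 1 to 3 bytes */`. Nothing in this function looks at the certificate verification result, so a consumer that receives the escaped value in a header or request argument presumably needs the verification status passed alongside it before trusting the contents.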
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 2a149802b..b9a3a965c 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -212,6 +212,8 @@ ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
+ngx_int_t ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s);
ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,