diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2009-07-22 17:41:42 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2009-07-22 17:41:42 +0000 |
| commit | 5b4b7c58ccb1c11f1154db06f515982ae989f6f0 (patch) | |
| tree | 5b4253385581b72558bb96864f91f708e47441a7 /src/http | |
| parent | a4038c8e719fd1d874eee7fd653092c56eeadcf0 (diff) | |
| download | nginx-5b4b7c58ccb1c11f1154db06f515982ae989f6f0.tar.gz nginx-5b4b7c58ccb1c11f1154db06f515982ae989f6f0.tar.bz2 | |
*) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
Diffstat (limited to '')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 5 | ||||
| -rw-r--r-- | src/http/ngx_http_request.c | 22 |
2 files changed, 16 insertions, 11 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index c0fd6fdda..51f5465c7 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -52,7 +52,7 @@ static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { static ngx_conf_enum_t ngx_http_ssl_verify[] = { { ngx_string("off"), 0 }, { ngx_string("on"), 1 }, - { ngx_string("ask"), 2 }, + { ngx_string("optional"), 2 }, { ngx_null_string, 0 } }; @@ -206,6 +206,9 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = { { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index f07472b33..a1e02acaf 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1524,7 +1524,7 @@ ngx_http_process_request(ngx_http_request_t *r) sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); - if (sscf->verify == 1) { + if (sscf->verify) { rc = SSL_get_verify_result(c->ssl->connection); if (rc != X509_V_OK) { @@ -1539,20 +1539,22 @@ ngx_http_process_request(ngx_http_request_t *r) return; } - cert = SSL_get_peer_certificate(c->ssl->connection); + if (sscf->verify == 1) { + cert = SSL_get_peer_certificate(c->ssl->connection); - if (cert == NULL) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent no required SSL certificate"); + if (cert == NULL) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(sscf->ssl.ctx, (SSL_get0_session(c->ssl->connection))); - ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); - return; - } + ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); + return; + } - X509_free(cert); + X509_free(cert); + } } } |