From b71c690895870290663dd4eef453d195209269ce Mon Sep 17 00:00:00 2001
From: Igor Sysoev <igor@sysoev.ru>
Date: Fri, 4 Aug 2006 16:04:04 +0000
Subject: nginx-0.3.56-RELEASE import

    *) Feature: the "dav_access" directive.

    *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
       "-x", and "!-x" operators.

    *) Bugfix: a segmentation fault occurred if a request returned a
       redirect and some sent to client header lines were logged in the
       access log.
---
 src/http/ngx_http_request.c | 57 +++++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 28 deletions(-)

(limited to 'src/http/ngx_http_request.c')

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index e645e811a..42933e8d2 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1269,34 +1269,6 @@ ngx_http_process_request_header(ngx_http_request_t *r)
         return NGX_ERROR;
     }
 
-#if (NGX_HTTP_SSL)
-
-    if (r->connection->ssl) {
-        sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
-
-        if (sscf->verify) {
-            rc = SSL_get_verify_result(r->connection->ssl->connection);
-
-            if (rc != X509_V_OK) {
-                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                              "client SSL certificate verify error: %l ", rc);
-                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
-                return NGX_ERROR;
-            }
-
-            if (SSL_get_peer_certificate(r->connection->ssl->connection)
-                == NULL)
-            {
-                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-                              "client sent no required SSL certificate");
-                ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
-                return NGX_ERROR;
-            }
-        }
-    }
-
-#endif
-
     if (r->headers_in.connection) {
         if (r->headers_in.connection->value.len == 5
             && ngx_strcasecmp(r->headers_in.connection->value.data, "close")
@@ -1362,6 +1334,35 @@ ngx_http_process_request_header(ngx_http_request_t *r)
         }
     }
 
+#if (NGX_HTTP_SSL)
+
+    if (r->connection->ssl) {
+        sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+
+        if (sscf->verify) {
+            rc = SSL_get_verify_result(r->connection->ssl->connection);
+
+            if (rc != X509_V_OK) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                              "client SSL certificate verify error: (%l:%s) ",
+                              rc, X509_verify_cert_error_string(rc));
+                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
+                return NGX_ERROR;
+            }
+
+            if (SSL_get_peer_certificate(r->connection->ssl->connection)
+                == NULL)
+            {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                              "client sent no required SSL certificate");
+                ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
+                return NGX_ERROR;
+            }
+        }
+    }
+
+#endif
+
     return NGX_OK;
 }
 
-- 
cgit