comparison src/event/ngx_event_openssl_stapling.c @ 6810:64f5bfba5d96
OCSP stapling: style.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:22 +0300 |
parents | 6acbe9964ceb |
children | 5eb3309d0b9e |
6809:87d7e640b45d | 6810:64f5bfba5d96 |
---|---|
55 ngx_resolver_t *resolver; | 55 ngx_resolver_t *resolver; |
56 ngx_msec_t resolver_timeout; | 56 ngx_msec_t resolver_timeout; |
57 | 57 |
58 ngx_msec_t timeout; | 58 ngx_msec_t timeout; |
59 | 59 |
60 void (*handler)(ngx_ssl_ocsp_ctx_t *r); | 60 void (*handler)(ngx_ssl_ocsp_ctx_t *ctx); |
61 void *data; | 61 void *data; |
62 | 62 |
63 ngx_buf_t *request; | 63 ngx_buf_t *request; |
64 ngx_buf_t *response; | 64 ngx_buf_t *response; |
65 ngx_peer_connection_t peer; | 65 ngx_peer_connection_t peer; |
66 | 66 |
67 ngx_int_t (*process)(ngx_ssl_ocsp_ctx_t *r); | 67 ngx_int_t (*process)(ngx_ssl_ocsp_ctx_t *ctx); |
68 | 68 |
69 ngx_uint_t state; | 69 ngx_uint_t state; |
70 | 70 |
71 ngx_uint_t code; | 71 ngx_uint_t code; |
72 ngx_uint_t count; | 72 ngx_uint_t count; |
372 | 372 |
373 static ngx_int_t | 373 static ngx_int_t |
374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, | 374 ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, |
375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) | 375 ngx_ssl_stapling_t *staple, ngx_str_t *responder) |
376 { | 376 { |
377 ngx_url_t u; | |
378 char *s; | 377 char *s; |
379 ngx_str_t rsp; | 378 ngx_str_t rsp; |
379 ngx_url_t u; | |
380 STACK_OF(OPENSSL_STRING) *aia; | 380 STACK_OF(OPENSSL_STRING) *aia; |
381 | 381 |
382 if (responder->len == 0) { | 382 if (responder->len == 0) { |
383 | 383 |
384 /* extract OCSP responder URL from certificate */ | 384 /* extract OCSP responder URL from certificate */ |
755 | 755 |
756 | 756 |
757 static time_t | 757 static time_t |
758 ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time) | 758 ngx_ssl_stapling_time(ASN1_GENERALIZEDTIME *asn1time) |
759 { | 759 { |
760 BIO *bio; | |
760 u_char *value; | 761 u_char *value; |
761 size_t len; | 762 size_t len; |
762 time_t time; | 763 time_t time; |
763 BIO *bio; | |
764 | 764 |
765 /* | 765 /* |
766 * OpenSSL doesn't provide a way to convert ASN1_GENERALIZEDTIME | 766 * OpenSSL doesn't provide a way to convert ASN1_GENERALIZEDTIME |
767 * into time_t. To do this, we use ASN1_GENERALIZEDTIME_print(), | 767 * into time_t. To do this, we use ASN1_GENERALIZEDTIME_print(), |
768 * which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g., | 768 * which uses the "MMM DD HH:MM:SS YYYY [GMT]" format (e.g., |
1003 | 1003 |
1004 | 1004 |
1005 static void | 1005 static void |
1006 ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx) | 1006 ngx_ssl_ocsp_connect(ngx_ssl_ocsp_ctx_t *ctx) |
1007 { | 1007 { |
1008 ngx_int_t rc; | 1008 ngx_int_t rc; |
1009 | 1009 |
1010 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0, | 1010 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0, |
1011 "ssl ocsp connect"); | 1011 "ssl ocsp connect"); |
1012 | 1012 |
1013 /* TODO: use all ip addresses */ | 1013 /* TODO: use all ip addresses */ |
1101 | 1101 |
1102 | 1102 |
1103 static void | 1103 static void |
1104 ngx_ssl_ocsp_read_handler(ngx_event_t *rev) | 1104 ngx_ssl_ocsp_read_handler(ngx_event_t *rev) |
1105 { | 1105 { |
1106 ssize_t n, size; | 1106 ssize_t n, size; |
1107 ngx_int_t rc; | 1107 ngx_int_t rc; |
1108 ngx_ssl_ocsp_ctx_t *ctx; | 1108 ngx_connection_t *c; |
1109 ngx_connection_t *c; | 1109 ngx_ssl_ocsp_ctx_t *ctx; |
1110 | 1110 |
1111 c = rev->data; | 1111 c = rev->data; |
1112 ctx = c->data; | 1112 ctx = c->data; |
1113 | 1113 |
1114 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, | 1114 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, rev->log, 0, |
1606 | 1606 |
1607 ctx->process = ngx_ssl_ocsp_process_body; | 1607 ctx->process = ngx_ssl_ocsp_process_body; |
1608 return ctx->process(ctx); | 1608 return ctx->process(ctx); |
1609 } | 1609 } |
1610 | 1610 |
1611 | |
1611 static ngx_int_t | 1612 static ngx_int_t |
1612 ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx) | 1613 ngx_ssl_ocsp_parse_header_line(ngx_ssl_ocsp_ctx_t *ctx) |
1613 { | 1614 { |
1614 u_char c, ch, *p; | 1615 u_char c, ch, *p; |
1615 enum { | 1616 enum { |
1616 sw_start = 0, | 1617 sw_start = 0, |
1617 sw_name, | 1618 sw_name, |
1618 sw_space_before_value, | 1619 sw_space_before_value, |
1619 sw_value, | 1620 sw_value, |
1844 "\"ssl_stapling\" ignored, not supported"); | 1845 "\"ssl_stapling\" ignored, not supported"); |
1845 | 1846 |
1846 return NGX_OK; | 1847 return NGX_OK; |
1847 } | 1848 } |
1848 | 1849 |
1850 | |
1849 ngx_int_t | 1851 ngx_int_t |
1850 ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl, | 1852 ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl, |
1851 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout) | 1853 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout) |
1852 { | 1854 { |
1853 return NGX_OK; | 1855 return NGX_OK; |