comparison src/event/ngx_event_openssl_stapling.c @ 6547:e222a97d46c1
OCSP stapling: additional function to configure stapling on a cert.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 19 May 2016 14:46:32 +0300 |
parents | a2d5d45f1525 |
children | 8a34e92d8ab5 |
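--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -81,10 +81,12 @@
 ngx_pool_t *pool;
 ngx_log_t *log;
 };
 
 
+static ngx_int_t ngx_ssl_stapling_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
+X509 *cert, ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
 static ngx_int_t ngx_ssl_stapling_file(ngx_conf_t *cf, ngx_ssl_t *ssl,
 ngx_ssl_stapling_t *staple, ngx_str_t *file);
 static ngx_int_t ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl,
 ngx_ssl_stapling_t *staple);
 static ngx_int_t ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl,
@@ -120,14 +122,33 @@
 
 ngx_int_t
 ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file,
 ngx_str_t *responder, ngx_uint_t verify)
 {
 X509 *cert;
-ngx_int_t rc;
-ngx_pool_cleanup_t *cln;
-ngx_ssl_stapling_t *staple;
+
+cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
+
+if (ngx_ssl_stapling_certificate(cf, ssl, cert, file, responder, verify)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_ssl_stapling_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, X509 *cert,
+ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify)
+{
+ngx_int_t rc;
+ngx_pool_cleanup_t *cln;
+ngx_ssl_stapling_t *staple;
 
 staple = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_stapling_t));
 if (staple == NULL) {
 return NGX_ERROR;
 }
@@ -137,12 +158,10 @@
 return NGX_ERROR;
 }
 
 cln->handler = ngx_ssl_stapling_cleanup;
 cln->data = staple;
-
-cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
 
 if (X509_set_ex_data(cert, ngx_ssl_stapling_index, staple) == 0) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
 return NGX_ERROR;
 }
@@ -157,11 +176,11 @@
 
 if (ngx_ssl_stapling_file(cf, ssl, staple, file) != NGX_OK) {
 return NGX_ERROR;
 }
 
-goto done;
+return NGX_OK;
 }
 
 rc = ngx_ssl_stapling_issuer(cf, ssl, staple);
 
 if (rc == NGX_DECLINED) {
@@ -179,14 +198,10 @@
 }
 
 if (rc != NGX_OK) {
 return NGX_ERROR;
 }
-
-done:
-
-SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
 
 return NGX_OK;
 }
 
 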
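Review bot: `cert` in `ngx_ssl_stapling()` is taken straight from `SSL_CTX_get_ex_data()` and handed to `ngx_ssl_stapling_certificate()`, which passes it to `X509_set_ex_data()` without checking it for NULL. The old code had the same gap, but now that the helper accepts an arbitrary `X509 *` it would be safer to guard at its top, e.g. `if (cert == NULL) { ngx_log_error(NGX_LOG_EMERG, ssl->log, 0, "no certificate for OCSP stapling"); return NGX_ERROR; }`, unless every caller is known to configure a certificate first (not visible on this page). Separately, `SSL_CTX_set_tlsext_status_cb()` now runs whenever the helper returns NGX_OK; if the elided `NGX_DECLINED` branches return NGX_OK directly, the callback is installed in cases where the old `done:` flow skipped it, which deserves a short comment confirming that the callback copes with a staple that holds no response.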