Mercurial > hg > nginx
diff src/http/ngx_http_request.c @ 2994:f33c48457d0c
*) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 22 Jul 2009 17:41:42 +0000 |
parents | f592d466bbda |
children | 66ef86affbb8 |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c Wed Jul 22 13:06:27 2009 +0000 +++ b/src/http/ngx_http_request.c Wed Jul 22 17:41:42 2009 +0000 @@ -1524,7 +1524,7 @@ sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); - if (sscf->verify == 1) { + if (sscf->verify) { rc = SSL_get_verify_result(c->ssl->connection); if (rc != X509_V_OK) { @@ -1539,20 +1539,22 @@ return; } - cert = SSL_get_peer_certificate(c->ssl->connection); - - if (cert == NULL) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client sent no required SSL certificate"); - - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + if (sscf->verify == 1) { + cert = SSL_get_peer_certificate(c->ssl->connection); + + if (cert == NULL) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent no required SSL certificate"); + + ngx_ssl_remove_cached_session(sscf->ssl.ctx, (SSL_get0_session(c->ssl->connection))); - ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); - return; + ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); + return; + } + + X509_free(cert); } - - X509_free(cert); } }