Klaus Demo nginx / 472233d
invalidate SSL session if there is no valid client certificate Igor Sysoev 14 years ago
3 changed file(s) with 22 addition(s) and 0 deletion(s).
15511551 }
15521552
15531553
1554 void
1555 ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
1556 {
1557 SSL_CTX_remove_session(ssl, sess);
1558
1559 ngx_ssl_remove_session(ssl, sess);
1560 }
1561
1562
15541563 static void
15551564 ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
15561565 {
15661575
15671576 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
15681577
1578 if (shm_zone == NULL) {
1579 return;
1580 }
1581
15691582 cache = shm_zone->data;
15701583
15711584 id = sess->session_id;
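Review bot: `ngx_ssl_remove_cached_session()` hands `sess` straight to `ngx_ssl_remove_session()`, which reads `sess->session_id` a few lines further down, and neither function checks it for NULL. The callers added in this commit pass the result of `SSL_get0_session()`, which returns NULL when the connection has no session, so a guard at the top of the wrapper, `if (sess == NULL) { return; }`, would make the helper safe for any caller. The wrapper would also benefit from a comment saying why both calls are needed, e.g. `/* SSL_CTX_remove_session() drops the entry from OpenSSL's own cache; the shared-memory cache is cleared explicitly */`; this wording should be confirmed against the cache mode, which is configured outside these hunks. The body of `ngx_ssl_remove_session()` continues past the lines shown.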
104104 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
105105 ngx_uint_t flags);
106106
107 void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
107108 ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
108109 #define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
109110 #define ngx_ssl_free_session SSL_SESSION_free
14291429 ngx_log_error(NGX_LOG_INFO, c->log, 0,
14301430 "client SSL certificate verify error: (%l:%s)",
14311431 rc, X509_verify_cert_error_string(rc));
1432
1433 ngx_ssl_remove_cached_session(sscf->ssl.ctx,
1434 (SSL_get0_session(c->ssl->connection)));
1435
14321436 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
14331437 return;
14341438 }
14381442 {
14391443 ngx_log_error(NGX_LOG_INFO, c->log, 0,
14401444 "client sent no required SSL certificate");
1445
1446 ngx_ssl_remove_cached_session(sscf->ssl.ctx,
1447 (SSL_get0_session(c->ssl->connection)));
1448
14411449 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
14421450 return;
14431451 }
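Review bot: Both new call sites pass `sscf->ssl.ctx` as the owner of the cache, but the session being dropped belongs to whichever SSL_CTX the handshake actually ran under. Where `sscf` is resolved is outside these hunks, so if it is the server block selected for the request rather than the one used at handshake time, the removal could target a different cache and leave the session resumable; that is worth confirming. Removing the server-side entry also presumably does nothing for a session resumed from a client-held ticket, if tickets are enabled in this build, so that path needs its own check. A one-line comment above each call, such as `/* drop the session so a client without a valid certificate cannot resume it */`, would record the intent. The enclosing function starts and ends outside the lines shown.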