$ssl_client_cert
Igor Sysoev
14 years ago
1878 | 1878 |
|
1879 | 1879 |
|
1880 | 1880 |
ngx_int_t
|
|
1881 |
ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
|
|
1882 |
{
|
|
1883 |
size_t len;
|
|
1884 |
BIO *bio;
|
|
1885 |
X509 *cert;
|
|
1886 |
|
|
1887 |
s->len = 0;
|
|
1888 |
|
|
1889 |
cert = SSL_get_peer_certificate(c->ssl->connection);
|
|
1890 |
if (cert == NULL) {
|
|
1891 |
return NGX_OK;
|
|
1892 |
}
|
|
1893 |
|
|
1894 |
bio = BIO_new(BIO_s_mem());
|
|
1895 |
if (bio == NULL) {
|
|
1896 |
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
|
|
1897 |
X509_free(cert);
|
|
1898 |
return NGX_ERROR;
|
|
1899 |
}
|
|
1900 |
|
|
1901 |
if (PEM_write_bio_X509(bio, cert) == 0) {
|
|
1902 |
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "PEM_write_bio_X509() failed");
|
|
1903 |
goto failed;
|
|
1904 |
}
|
|
1905 |
|
|
1906 |
len = BIO_pending(bio);
|
|
1907 |
s->len = len;
|
|
1908 |
|
|
1909 |
s->data = ngx_palloc(pool, len);
|
|
1910 |
if (s->data == NULL) {
|
|
1911 |
goto failed;
|
|
1912 |
}
|
|
1913 |
|
|
1914 |
BIO_read(bio, s->data, len);
|
|
1915 |
|
|
1916 |
BIO_free(bio);
|
|
1917 |
X509_free(cert);
|
|
1918 |
|
|
1919 |
return NGX_OK;
|
|
1920 |
|
|
1921 |
failed:
|
|
1922 |
|
|
1923 |
BIO_free(bio);
|
|
1924 |
X509_free(cert);
|
|
1925 |
|
|
1926 |
return NGX_ERROR;
|
|
1927 |
}
|
|
1928 |
|
|
1929 |
|
|
1930 |
ngx_int_t
|
1881 | 1931 |
ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
|
1882 | 1932 |
{
|
1883 | 1933 |
char *p;
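Review bot: The value built in ngx_ssl_get_certificate() is the raw multi-line PEM written by PEM_write_bio_X509(), and the variable table later on the page exposes it as `ssl_client_cert`, so a configuration that copies it into a proxied request header would presumably put bare line breaks inside the header value. Folding the lines while copying out of the BIO, or at least a comment above the function such as `/* returns raw multi-line PEM; fold or encode before using it in a header field */`, would make that explicit. Separately, at new lines 1907-1914 `s->len` is assigned before the ngx_palloc() result is checked and the BIO_read() return value is ignored, so the allocation-failure path returns NGX_ERROR with a non-zero `s->len` and a NULL `s->data`. Moving `s->len = len;` after a checked read, e.g. `if (BIO_read(bio, s->data, len) <= 0) { goto failed; }`, keeps `s` consistent on every error path. The trailing context of this section belongs to ngx_ssl_get_subject_dn(), whose body continues outside the hunk.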
|
120 | 120 |
ngx_str_t *s);
|
121 | 121 |
ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
|
122 | 122 |
ngx_str_t *s);
|
|
123 |
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
|
124 |
ngx_str_t *s);
|
123 | 125 |
ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
|
124 | 126 |
ngx_str_t *s);
|
125 | 127 |
ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
|
181 | 181 |
{ ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
|
182 | 182 |
(uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
183 | 183 |
|
|
184 |
{ ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
|
|
185 |
(uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
|
186 |
|
184 | 187 |
{ ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
|
185 | 188 |
(uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
186 | 189 |
|