mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-28 08:09:00 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

OCSP stapling: improved error logging context.

Browse Source 
It now logs the IP address of the responder used (if it's already known),
as well as the certificate name.
This commit is contained in:
Maxim Dounin 2016-12-05 22:23:22 +03:00
parent af07f8d093
commit 27bcceb24b
1 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/event/ngx_event_openssl_stapling.c
View File

@ -47,6 +47,8 @@ struct ngx_ssl_ocsp_ctx_s {
X509 *cert;
X509 *issuer;
u_char *name;
ngx_uint_t naddrs;
ngx_addr_t *addrs;
@ -559,6 +561,7 @@ ngx_ssl_stapling_update(ngx_ssl_stapling_t *staple)
ctx->cert = staple->cert;
ctx->issuer = staple->issuer;
ctx->name = staple->name;
ctx->addrs = staple->addrs;
ctx->host = staple->host;
@ -1837,12 +1840,27 @@ ngx_ssl_ocsp_log_error(ngx_log_t *log, u_char *buf, size_t len)
if (log->action) {
p = ngx_snprintf(buf, len, " while %s", log->action);
len -= p - buf;
buf = p;
}
ctx = log->data;
if (ctx) {
p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
p = ngx_snprintf(buf, len, ", responder: %V", &ctx->host);
len -= p - buf;
buf = p;
}
if (ctx && ctx->peer.name) {
p = ngx_snprintf(buf, len, ", peer: %V", ctx->peer.name);
len -= p - buf;
buf = p;
}
if (ctx && ctx->name) {
p = ngx_snprintf(buf, len, ", certificate: \"%s\"", ctx->name);
len -= p - buf;
buf = p;
}
return p;