Merge f9035f9c5e into 5b8a5c08ce

2025-06-07 09:42:39 +08:00 · 2025-05-29 20:46:59 +04:00 · 2025-05-29 20:46:59 +04:00 · 2b8f9ef342
commit 2b8f9ef342
parent 5b8a5c08ce f9035f9c5e
4 changed files with 84 additions and 0 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -5875,6 +5875,74 @@ ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 }


+ngx_int_t
+ngx_ssl_get_sigalg(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    int         nid;
+    int         rc;
+    const char *sn;
+
+    rc = SSL_get_signature_type_nid(c->ssl->connection, &nid);
+
+    if (rc && nid != NID_undef) {
+        sn = OBJ_nid2sn(nid);
+        if (sn == NULL) {
+            s->len = sizeof("0x0000") - 1;
+
+            s->data = ngx_pnalloc(pool, s->len);
+            if (s->data == NULL) {
+                return NGX_ERROR;
+            }
+
+            ngx_sprintf(s->data, "0x%04xd", nid & 0xffff);
+
+            return NGX_OK;
+        }
+
+        s->len = ngx_strlen(sn);
+        s->data = (u_char *) sn;
+        return NGX_OK;
+    }
+
+    s->len = 0;
+    return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_get_peer_sigalg(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    int         nid;
+    int         rc;
+    const char *sn;
+
+    rc = SSL_get_peer_signature_type_nid(c->ssl->connection, &nid);
+
+    if (rc && nid != NID_undef) {
+        sn = OBJ_nid2sn(nid);
+        if (sn == NULL) {
+            s->len = sizeof("0x0000") - 1;
+
+            s->data = ngx_pnalloc(pool, s->len);
+            if (s->data == NULL) {
+                return NGX_ERROR;
+            }
+
+            ngx_sprintf(s->data, "0x%04xd", nid & 0xffff);
+
+            return NGX_OK;
+        }
+
+        s->len = ngx_strlen(sn);
+        s->data = (u_char *) sn;
+        return NGX_OK;
+    }
+
+    s->len = 0;
+    return NGX_OK;
+}
+
+
 static time_t
 ngx_ssl_parse_time(
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@ -348,6 +348,10 @@ ngx_int_t ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
+ngx_int_t ngx_ssl_get_sigalg(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s);
+ngx_int_t ngx_ssl_get_peer_sigalg(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s);


 ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@ -408,6 +408,12 @@ static ngx_http_variable_t  ngx_http_ssl_vars[] = {
    { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },

+    { ngx_string("ssl_sigalg"), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_sigalg, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
+    { ngx_string("ssl_peer_sigalg"), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_peer_sigalg, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
      ngx_http_null_variable
 };

--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@ -397,6 +397,12 @@ static ngx_stream_variable_t  ngx_stream_ssl_vars[] = {
    { ngx_string("ssl_client_v_remain"), NULL, ngx_stream_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_v_remain, NGX_STREAM_VAR_CHANGEABLE, 0 },

+    { ngx_string("ssl_sigalg"), NULL, ngx_stream_ssl_variable,
+      (uintptr_t) ngx_ssl_get_sigalg, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+    { ngx_string("ssl_peer_sigalg"), NULL, ngx_stream_ssl_variable,
+      (uintptr_t) ngx_ssl_get_peer_sigalg, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
      ngx_stream_null_variable
 };