mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 01:12:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

invalidate SSL session if there is no valid client certificate

Browse Source
This commit is contained in:
Igor Sysoev 2008-03-10 14:47:07 +00:00
parent fb14092fdc
commit 472233d0a3
3 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/event/ngx_event_openssl.c
View File

@ -1552,6 +1552,15 @@ done:
}
void
ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
{
SSL_CTX_remove_session(ssl, sess);
ngx_ssl_remove_session(ssl, sess);
}
static void
ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
{
@ -1567,6 +1576,10 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
if (shm_zone == NULL) {
return;
}
cache = shm_zone->data;
id = sess->session_id;

1
src/event/ngx_event_openssl.h
View File

@ -105,6 +105,7 @@ ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
ngx_uint_t flags);
void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
#define ngx_ssl_free_session SSL_SESSION_free

8
src/http/ngx_http_request.c
View File

@ -1430,6 +1430,10 @@ ngx_http_process_request(ngx_http_request_t *r)
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
ngx_ssl_remove_cached_session(sscf->ssl.ctx,
(SSL_get0_session(c->ssl->connection)));
ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
return;
}
@ -1439,6 +1443,10 @@ ngx_http_process_request(ngx_http_request_t *r)
{
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
ngx_ssl_remove_cached_session(sscf->ssl.ctx,
(SSL_get0_session(c->ssl->connection)));
ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
return;
}