mirror of
https://github.com/nginx/nginx.git
synced 2025-06-08 02:02:38 +08:00
OCSP stapling: additional function to configure stapling on a cert.
parent
40e075c325
commit
503b3569b9
@ -83,6 +83,8 @@ struct ngx_ssl_ocsp_ctx_s {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
static ngx_int_t ngx_ssl_stapling_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||||
|
X509 *cert, ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
|
||||||
static ngx_int_t ngx_ssl_stapling_file(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
static ngx_int_t ngx_ssl_stapling_file(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||||
ngx_ssl_stapling_t *staple, ngx_str_t *file);
|
ngx_ssl_stapling_t *staple, ngx_str_t *file);
|
||||||
static ngx_int_t ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
static ngx_int_t ngx_ssl_stapling_issuer(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||||
@ -123,6 +125,25 @@ ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file,
|
|||||||
ngx_str_t *responder, ngx_uint_t verify)
|
ngx_str_t *responder, ngx_uint_t verify)
|
||||||
{
|
{
|
||||||
X509 *cert;
|
X509 *cert;
|
||||||
|
|
||||||
|
cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
|
||||||
|
|
||||||
|
if (ngx_ssl_stapling_certificate(cf, ssl, cert, file, responder, verify)
|
||||||
|
!= NGX_OK)
|
||||||
|
{
|
||||||
|
return NGX_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
|
||||||
|
|
||||||
|
return NGX_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static ngx_int_t
|
||||||
|
ngx_ssl_stapling_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, X509 *cert,
|
||||||
|
ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify)
|
||||||
|
{
|
||||||
ngx_int_t rc;
|
ngx_int_t rc;
|
||||||
ngx_pool_cleanup_t *cln;
|
ngx_pool_cleanup_t *cln;
|
||||||
ngx_ssl_stapling_t *staple;
|
ngx_ssl_stapling_t *staple;
|
||||||
@ -140,8 +161,6 @@ ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file,
|
|||||||
cln->handler = ngx_ssl_stapling_cleanup;
|
cln->handler = ngx_ssl_stapling_cleanup;
|
||||||
cln->data = staple;
|
cln->data = staple;
|
||||||
|
|
||||||
cert = SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index);
|
|
||||||
|
|
||||||
if (X509_set_ex_data(cert, ngx_ssl_stapling_index, staple) == 0) {
|
if (X509_set_ex_data(cert, ngx_ssl_stapling_index, staple) == 0) {
|
||||||
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
|
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
|
||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
@ -159,7 +178,7 @@ ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file,
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
goto done;
|
return NGX_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = ngx_ssl_stapling_issuer(cf, ssl, staple);
|
rc = ngx_ssl_stapling_issuer(cf, ssl, staple);
|
||||||
@ -182,10 +201,6 @@ ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file,
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
done:
|
|
||||||
|
|
||||||
SSL_CTX_set_tlsext_status_cb(ssl->ctx, ngx_ssl_certificate_status_callback);
|
|
||||||
|
|
||||||
return NGX_OK;
|
return NGX_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
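Review bot: `ngx_ssl_stapling()` passes the result of `SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index)` straight into the new `ngx_ssl_stapling_certificate()`, which hands it to `X509_set_ex_data()` without a NULL check. Now that the certificate is a parameter of a helper, a guard at the top of it would turn a missing certificate into a configuration error rather than a likely NULL dereference at startup: `if (cert == NULL) { return NGX_ERROR; }`, preceded by an `ngx_log_error(NGX_LOG_EMERG, ssl->log, 0, ...)` message. Separately, the status callback is now installed whenever the helper returns NGX_OK, whereas the old code set it only after the `done:` label. If a path outside the visible hunks returns NGX_OK without a usable staple, a comment should record that `ngx_ssl_certificate_status_callback` has to tolerate that. The helper's body is only partly visible on this page.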