Add ssl_client_start/end_iso8601 #477

u5surf 2025-02-07 22:48:05 +09:00
parent c8c9f0bafb
commit 92640a6b54
3 changed files with 99 additions and 62 deletions


@ -5710,53 +5710,13 @@ ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
return NGX_OK;
}
ngx_int_t
ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
BIO *bio;
X509 *cert;
size_t len;
s->len = 0;
cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
return NGX_OK;
}
bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}
ngx_ssl_print_time(
BIO *bio,
#if OPENSSL_VERSION_NUMBER > 0x10100000L
ASN1_TIME_print(bio, X509_get0_notBefore(cert));
#else
ASN1_TIME_print(bio, X509_get_notBefore(cert));
const
#endif
len = BIO_pending(bio);
s->len = len;
s->data = ngx_pnalloc(pool, len);
if (s->data == NULL) {
BIO_free(bio);
X509_free(cert);
return NGX_ERROR;
}
BIO_read(bio, s->data, len);
BIO_free(bio);
X509_free(cert);
return NGX_OK;
}
ngx_int_t
ngx_ssl_print_time(BIO *bio, ASN1_TIME *tm, long flag)
ASN1_TIME *tm, long iso8601_format)
{
ngx_int_t ret;
struct tm stm;
@ -5764,6 +5724,7 @@ ngx_ssl_print_time(BIO *bio, ASN1_TIME *tm, long flag)
int l, f_len;
char *v, *f;
if (iso8601_format) {
ret = ASN1_TIME_to_tm(tm, &stm);
if (ret != NGX_OK) {
return ret;
@ -5779,7 +5740,6 @@ ngx_ssl_print_time(BIO *bio, ASN1_TIME *tm, long flag)
while(15 + f_len < l && ngx_ascii_is_digit(f[f_len]))
++f_len;
}
if (flag) {
BIO_printf(bio, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ",
stm.tm_year + 1900, stm.tm_mon + 1,
stm.tm_mday, stm.tm_hour,
@ -5791,7 +5751,7 @@ ngx_ssl_print_time(BIO *bio, ASN1_TIME *tm, long flag)
}
ngx_int_t
ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
ngx_ssl_get_client_v_start_common(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s, long iso8601_format)
{
BIO *bio;
X509 *cert;
@ -5812,9 +5772,9 @@ ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
}
#if OPENSSL_VERSION_NUMBER > 0x10100000L
ASN1_TIME_print(bio, X509_get0_notAfter(cert));
ngx_ssl_print_time(bio, X509_get0_notBefore(cert), iso8601_format);
#else
ASN1_TIME_print(bio, X509_get_notAfter(cert));
ngx_ssl_print_time(bio, X509_get_notBefore(cert), iso8601_format);
#endif
len = BIO_pending(bio);
@ -5834,6 +5794,73 @@ ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
return NGX_OK;
}
ngx_int_t
ngx_ssl_get_client_v_end_common(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s, long iso8601_format)
{
BIO *bio;
X509 *cert;
size_t len;
s->len = 0;
cert = SSL_get_peer_certificate(c->ssl->connection);
if (cert == NULL) {
return NGX_OK;
}
bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}
#if OPENSSL_VERSION_NUMBER > 0x10100000L
ngx_ssl_print_time(bio, X509_get0_notAfter(cert), iso8601_format);
#else
ngx_ssl_print_time(bio, X509_get_notAfter(cert), iso8601_format);
#endif
len = BIO_pending(bio);
s->len = len;
s->data = ngx_pnalloc(pool, len);
if (s->data == NULL) {
BIO_free(bio);
X509_free(cert);
return NGX_ERROR;
}
BIO_read(bio, s->data, len);
BIO_free(bio);
X509_free(cert);
return NGX_OK;
}
ngx_int_t
ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
return ngx_ssl_get_client_v_start_common(c, pool, s, 0);
}
ngx_int_t
ngx_ssl_get_client_v_start_iso8601(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
return ngx_ssl_get_client_v_start_common(c, pool, s, 1);
}
ngx_int_t
ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
return ngx_ssl_get_client_v_end_common(c, pool, s, 0);
}
ngx_int_t
ngx_ssl_get_client_v_end_iso8601(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
return ngx_ssl_get_client_v_end_common(c, pool, s, 1);
}
ngx_int_t
ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
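Review bot: In ngx_ssl_print_time the ISO 8601 branch tests `ret != NGX_OK` on the result of ASN1_TIME_to_tm(), but OpenSSL documents that call as returning 1 on success and 0 on failure, and NGX_OK is 0. As shown, the branch returns early for a well-formed certificate time and goes on to format an unset `struct tm` for a malformed one; `if (ASN1_TIME_to_tm(tm, &stm) != 1) { return NGX_ERROR; }` matches the API. Both `_common` getters also discard the results of ngx_ssl_print_time() and BIO_read(), so a failed conversion would surface as an empty or partial value with NGX_OK; propagating the error matters if these variables feed logging or access rules. Parts of ngx_ssl_print_time lie outside the visible hunks, so this should be confirmed against the full function.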


@ -333,6 +333,10 @@ ngx_int_t ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_client_v_start_iso8601(ngx_connection_t *c,
ngx_pool_t *pool, ngx_str_t *s);
ngx_int_t ngx_ssl_get_client_v_end_iso8601(ngx_connection_t *c,
ngx_pool_t *pool, ngx_str_t *s);
ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
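Review bot: The `ngx_ssl_get_client_v_start_common` and `ngx_ssl_get_client_v_end_common` helpers behind these new prototypes are, as far as the visible hunks show, defined without `static` and are not declared in this header, so they get external linkage with no prototype in scope. Only the four wrappers look intended to be public, so declaring the helpers `static ngx_int_t` in the .c file would keep them out of the global namespace and avoid missing-prototype warnings. The two helpers also differ only in the notBefore/notAfter accessor and could share one body.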


@ -405,6 +405,12 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = {
{ ngx_string("ssl_client_v_end"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_client_v_end, NGX_HTTP_VAR_CHANGEABLE, 0 },
{ ngx_string("ssl_client_v_start_iso8601"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_client_v_start_iso8601, NGX_HTTP_VAR_CHANGEABLE, 0 },
{ ngx_string("ssl_client_v_end_iso8601"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_client_v_end_iso8601, NGX_HTTP_VAR_CHANGEABLE, 0 },
{ ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },
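Review bot: The two new entries are named `..._iso8601`, but the format string used by ngx_ssl_print_time is `"%4d-%02d-%02d %02d:%02d:%02d.%.*sZ"`, which separates date and time with a space rather than `T` and always prints the `.` before the fractional digits. If the fractional length is zero, which is presumably the usual case for certificate validity times, the value would end in `SS.Z`, and strict ISO 8601 parsers in log pipelines may reject it. Either the format should emit `T` and print the `.` only when fractional digits exist, or the exact output format should be documented next to these entries. Both added lines also run past 80 columns, unlike the neighbouring entries.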