Merge 4ec2275b05 into f3542500b6

2025-06-08 02:02:38 +08:00 · 2025-04-30 06:23:38 +00:00 · 2025-04-30 06:23:38 +00:00 · f3d765e954
commit f3d765e954
parent f3542500b6 4ec2275b05
4 changed files with 26 additions and 2 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -5669,7 +5669,7 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 ngx_int_t
-ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+ngx_ssl_get_fingerprint_with_digest(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s, const EVP_MD *digest)
 {
    X509          *cert;
    unsigned int   len;
@ -5682,7 +5682,7 @@ ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
        return NGX_OK;
    }
-    if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
+    if (!X509_digest(cert, digest, buf, &len)) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed");
        X509_free(cert);
        return NGX_ERROR;
@ -5703,6 +5703,20 @@ ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 }
 ngx_int_t
 ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
    return ngx_ssl_get_fingerprint_with_digest(c, pool, s, EVP_sha1());
 }
 ngx_int_t
 ngx_ssl_get_sha256_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
    return ngx_ssl_get_fingerprint_with_digest(c, pool, s, EVP_sha256());
 }
 ngx_int_t
 ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@ -338,8 +338,12 @@ ngx_int_t ngx_ssl_get_issuer_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_fingerprint_with_digest(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s, const EVP_MD *digest);
 ngx_int_t ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_sha256_fingerprint(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *s);
 ngx_int_t ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool,
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@ -396,6 +396,9 @@ static ngx_http_variable_t  ngx_http_ssl_vars[] = {
    { ngx_string("ssl_client_fingerprint"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_fingerprint, NGX_HTTP_VAR_CHANGEABLE, 0 },
    { ngx_string("ssl_client_sha256_fingerprint"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_sha256_fingerprint, NGX_HTTP_VAR_CHANGEABLE, 0 },
    { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@ -385,6 +385,9 @@ static ngx_stream_variable_t  ngx_stream_ssl_vars[] = {
    { ngx_string("ssl_client_fingerprint"), NULL, ngx_stream_ssl_variable,
      (uintptr_t) ngx_ssl_get_fingerprint, NGX_STREAM_VAR_CHANGEABLE, 0 },
    { ngx_string("ssl_client_sha256_fingerprint"), NULL, ngx_stream_ssl_variable,
      (uintptr_t) ngx_ssl_get_sha256_fingerprint, NGX_STREAM_VAR_CHANGEABLE, 0 },
    { ngx_string("ssl_client_verify"), NULL, ngx_stream_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_STREAM_VAR_CHANGEABLE, 0 },