Re: [PATCH 2 of 3] PSK: add PSK identity variable

Maxim Dounin
June 29, 2017 05:20PM
Hello!

On Thu, Jun 22, 2017 at 01:24:57PM +0000, Karstens, Nate wrote:

> # HG changeset patch
> # User Nate Karstens <nate.karstens@garmin.com>
> # Date 1498137207 18000
> # Thu Jun 22 08:13:27 2017 -0500
> # Node ID a4635fa4a0cabf5312cda617b8010ea14279ab1c
> # Parent 3fb3c4928d06029ca1d57853a163c9f56fa90bca
> PSK: add PSK identity variable

Style: "SSL: " prefix, dot.

>
> Adds the variable $ssl_psk_identity to get the PSK identity
> used in a connection secured with a PSK cipher suite.
>
> Signed-off-by: Nate Karstens <nate.karstens@garmin.com>
>
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/event/ngx_event_openssl.c Thu Jun 22 08:13:27 2017 -0500
> @@ -4147,6 +4147,33 @@
> }
>
>
> +ngx_int_t
> +ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
> +{
> + const char *identity;
> + size_t len;

Style: two spaces between type and "*", order from short type to
long type.

> +
> + identity = SSL_get_psk_identity(c->ssl->connection);
> +
> + if (identity == NULL) {
> + s->len = 0;
> + return NGX_OK;
> + }
> +
> + len = ngx_strlen(identity);
> +
> + s->data = ngx_pnalloc(pool, len);
> + if (s->data == NULL) {
> + return NGX_ERROR;
> + }
> +
> + ngx_memcpy(s->data, identity, len);
> + s->len = len;

Is the allocation of an additional buffer needed here? For
example, in ngx_ssl_get_server_name() we simply use the memory
returned.

> +
> + return NGX_OK;
> +}
> +
> +
> static time_t
> ngx_ssl_parse_time(
> #if OPENSSL_VERSION_NUMBER > 0x10100000L
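
Review bot: the call to SSL_get_psk_identity() in ngx_ssl_get_psk_identity() has no feature guard, so this file will fail to build against an OpenSSL compiled with OPENSSL_NO_PSK or against a library that lacks the PSK API. Suggest wrapping the body in a preprocessor check on a PSK macro from the OpenSSL headers and falling through to "s->len = 0; return NGX_OK;" when it is absent, in the same spirit as the OPENSSL_VERSION_NUMBER condition already visible on ngx_ssl_parse_time() just below. The function also lacks a comment saying that the returned string is empty when the connection has no PSK identity, which is the only way a caller can tell the two cases apart.
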
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/event/ngx_event_openssl.h
> --- a/src/event/ngx_event_openssl.h Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/event/ngx_event_openssl.h Thu Jun 22 08:13:27 2017 -0500
> @@ -233,6 +233,8 @@
> ngx_str_t *s);
> ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
> ngx_str_t *s);
> +ngx_int_t ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool,
> + ngx_str_t *s);
>
>
> ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/http/modules/ngx_http_ssl_module.c
> --- a/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:13:27 2017 -0500
> @@ -336,6 +336,9 @@
> { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
> (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },
>
> + { ngx_string("ssl_psk_identity"), NULL, ngx_http_ssl_variable,
> + (uintptr_t) ngx_ssl_get_psk_identity, NGX_HTTP_VAR_CHANGEABLE, 0 },
> +
> { ngx_null_string, NULL, NULL, 0, 0, 0 }
> };
>
>
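
Review bot: the new "ssl_psk_identity" entry in the variables table comes with no documentation in this patch. Please describe the variable alongside the other $ssl_* variables and state that it evaluates to an empty string when no PSK identity is available, since ngx_ssl_get_psk_identity() sets s->len = 0 in that case. It is also worth stating that the value is the identity string copied verbatim from the handshake (ngx_memcpy of the SSL_get_psk_identity() result), so configurations that place it in logs or upstream headers should treat it as peer-supplied text.
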
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

--
Maxim Dounin
http://nginx.org/