Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: added missed error reporting during variables evaluation.

Maxim Dounin
February 20, 2021 11:22AM
details: https://hg.nginx.org/nginx/rev/3bed5797a1b7
branches:
changeset: 7780:3bed5797a1b7
user: Maxim Dounin <mdounin@mdounin.ru>
date: Sat Feb 20 18:02:54 2021 +0300
description:
SSL: added missed error reporting during variables evaluation.

diffstat:

src/event/ngx_event_openssl.c | 17 +++++++++++++----
1 files changed, 13 insertions(+), 4 deletions(-)

diffs (101 lines):

diff -r 018a09b766ef -r 3bed5797a1b7 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Sat Feb 20 18:02:49 2021 +0300
+++ b/src/event/ngx_event_openssl.c Sat Feb 20 18:02:54 2021 +0300
@@ -83,7 +83,7 @@ static time_t ngx_ssl_parse_time(
#if OPENSSL_VERSION_NUMBER > 0x10100000L
const
#endif
- ASN1_TIME *asn1time);
+ ASN1_TIME *asn1time, ngx_log_t *log);

static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -4817,11 +4817,13 @@ ngx_ssl_get_subject_dn(ngx_connection_t

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}

if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
goto failed;
}

@@ -4869,11 +4871,13 @@ ngx_ssl_get_issuer_dn(ngx_connection_t *

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}

if (X509_NAME_print_ex(bio, name, 0, XN_FLAG_RFC2253) < 0) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_NAME_print_ex() failed");
goto failed;
}

@@ -5011,6 +5015,7 @@ ngx_ssl_get_serial_number(ngx_connection

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}
@@ -5049,6 +5054,7 @@ ngx_ssl_get_fingerprint(ngx_connection_t
}

if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "X509_digest() failed");
X509_free(cert);
return NGX_ERROR;
}
@@ -5122,6 +5128,7 @@ ngx_ssl_get_client_v_start(ngx_connectio

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}
@@ -5166,6 +5173,7 @@ ngx_ssl_get_client_v_end(ngx_connection_

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
X509_free(cert);
return NGX_ERROR;
}
@@ -5208,9 +5216,9 @@ ngx_ssl_get_client_v_remain(ngx_connecti
}

#if OPENSSL_VERSION_NUMBER > 0x10100000L
- end = ngx_ssl_parse_time(X509_get0_notAfter(cert));
+ end = ngx_ssl_parse_time(X509_get0_notAfter(cert), c->log);
#else
- end = ngx_ssl_parse_time(X509_get_notAfter(cert));
+ end = ngx_ssl_parse_time(X509_get_notAfter(cert), c->log);
#endif

if (end == (time_t) NGX_ERROR) {
@@ -5245,7 +5253,7 @@ ngx_ssl_parse_time(
#if OPENSSL_VERSION_NUMBER > 0x10100000L
const
#endif
- ASN1_TIME *asn1time)
+ ASN1_TIME *asn1time, ngx_log_t *log)
{
BIO *bio;
char *value;
@@ -5261,6 +5269,7 @@ ngx_ssl_parse_time(

bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
+ ngx_ssl_error(NGX_LOG_ALERT, log, 0, "BIO_new() failed");
return NGX_ERROR;
}

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: added missed error reporting during variables evaluation.

Maxim Dounin 57 February 20, 2021 11:22AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 66
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready