diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2020-05-26 20:26:44 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2020-05-26 20:26:44 +0300 |
| commit | 38091071a8ebef605433aef4b8c0a5b55845b43f (patch) | |
| tree | e90b9a87999acd121234d156047c54f0d403aa5f /src/http/ngx_http_request.c | |
| parent | 2360f58a9b4515cfb5aa2d454892da70274ae183 (diff) | |
| parent | bab7ab047757c5e9e15fbd70880e2a3d27c75372 (diff) | |
| download | nginx-38091071a8ebef605433aef4b8c0a5b55845b43f.tar.gz nginx-38091071a8ebef605433aef4b8c0a5b55845b43f.zip | |
Merged with the default branch.
Diffstat (limited to 'src/http/ngx_http_request.c')
| -rw-r--r-- | src/http/ngx_http_request.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 1b3573598..3e6fce676 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -2127,6 +2127,7 @@ ngx_http_process_request(ngx_http_request_t *r) if (r->http_connection->ssl) { long rc; X509 *cert; + const char *s; ngx_http_ssl_srv_conf_t *sscf; if (c->ssl == NULL) { @@ -2171,6 +2172,17 @@ ngx_http_process_request(ngx_http_request_t *r) X509_free(cert); } + + if (ngx_ssl_ocsp_get_status(c, &s) != NGX_OK) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client SSL certificate verify error: %s", s); + + ngx_ssl_remove_cached_session(c->ssl->session_ctx, + (SSL_get0_session(c->ssl->connection))); + + ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); + return; + } } } |