aboutsummaryrefslogtreecommitdiff
path: root/src/http/ngx_http_request.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/ngx_http_request.c')
-rw-r--r--src/http/ngx_http_request.c22
1 files changed, 12 insertions, 10 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index f07472b33..a1e02acaf 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1524,7 +1524,7 @@ ngx_http_process_request(ngx_http_request_t *r)
sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
- if (sscf->verify == 1) {
+ if (sscf->verify) {
rc = SSL_get_verify_result(c->ssl->connection);
if (rc != X509_V_OK) {
@@ -1539,20 +1539,22 @@ ngx_http_process_request(ngx_http_request_t *r)
return;
}
- cert = SSL_get_peer_certificate(c->ssl->connection);
+ if (sscf->verify == 1) {
+ cert = SSL_get_peer_certificate(c->ssl->connection);
- if (cert == NULL) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent no required SSL certificate");
+ if (cert == NULL) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent no required SSL certificate");
- ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ ngx_ssl_remove_cached_session(sscf->ssl.ctx,
(SSL_get0_session(c->ssl->connection)));
- ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
- return;
- }
+ ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
+ return;
+ }
- X509_free(cert);
+ X509_free(cert);
+ }
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-31 15:15:17 +0000