diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2016-05-19 14:46:32 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2016-05-19 14:46:32 +0300 |
| commit | e844475905c0226088104a80bc3159bfa714ffa8 (patch) | |
| tree | f6e7df682b6f06f59a2688b1ad3ab5c3fa42224c /src/http/ngx_http_request.c | |
| parent | 503b3569b9a6fd4960407a157feeb8ed534195ea (diff) | |
| download | nginx-e844475905c0226088104a80bc3159bfa714ffa8.tar.gz nginx-e844475905c0226088104a80bc3159bfa714ffa8.zip | |
SSL: made it possible to iterate though all certificates.
A pointer to a previously configured certificate now stored in a certificate.
This makes it possible to iterate though all certificates configured in
the SSL context. This is now used to configure OCSP stapling for all
certificates, and in ngx_ssl_session_id_context().
As SSL_CTX_use_certificate() frees previously loaded certificate of the same
type, and we have no way to find out if it's the case, X509_free() calls
are now posponed till ngx_ssl_cleanup_ctx().
Note that in OpenSSL 1.0.2+ this can be done without storing things in exdata
using the SSL_CTX_set_current_cert() and SSL_CTX_get0_certificate() functions.
These are not yet available in all supported versions though, so it's easier
to continue to use exdata for now.
Diffstat (limited to 'src/http/ngx_http_request.c')
0 files changed, 0 insertions, 0 deletions