SSL: $ssl_client_fingerprint variable.

author Sergey Budnevitch <sb@waeme.net>

Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)

committer Sergey Budnevitch <sb@waeme.net>

Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)
author Sergey Budnevitch <sb@waeme.net>
Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)
committer Sergey Budnevitch <sb@waeme.net>
Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 88472fc90c1e9b43d9c7a3dcb2bcbf92249bf903..0c5ecda983cb378324eb04129029f1672548790d 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2956,6 +2956,40 @@ ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
  }
  
  
+ngx_int_t
+ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    X509          *cert;
+    unsigned int   len;
+    u_char         buf[EVP_MAX_MD_SIZE];
+
+    s->len = 0;
+
+    cert = SSL_get_peer_certificate(c->ssl->connection);
+    if (cert == NULL) {
+        return NGX_OK;
+    }
+
+    if (!X509_digest(cert, EVP_sha1(), buf, &len)) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    s->len = 2 * len;
+    s->data = ngx_pnalloc(pool, 2 * len);
+    if (s->data == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    ngx_hex_dump(s->data, buf, len);
+
+    X509_free(cert);
+
+    return NGX_OK;
+}
+
+
  ngx_int_t
  ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
  {
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h

index 30c8a74099c5ac5bf2745e2ad8d4f0c0d99fe87d..d632eb274109c23b9718542b7c62ec5e1895b8bf 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -173,6 +173,8 @@ ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
      ngx_str_t *s);
  ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
      ngx_str_t *s);
+ngx_int_t ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s);
  ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
      ngx_str_t *s);
  
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c

index 60049e689fd056c748e8cd0b6b9be8c9e3bf6d80..730204cbb9617b0b5a7d421aecb82b61a3d559f3 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -292,6 +292,9 @@ static ngx_http_variable_t  ngx_http_ssl_vars[] = {
      { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
        (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
  
+    { ngx_string("ssl_client_fingerprint"), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_fingerprint, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
      { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
        (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
author	Sergey Budnevitch <sb@waeme.net>
	Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)
committer	Sergey Budnevitch <sb@waeme.net>
	Tue, 20 May 2014 10:03:03 +0000 (14:03 +0400)
src/event/ngx_event_openssl.c		patch \| blob \| history
src/event/ngx_event_openssl.h		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.c		patch \| blob \| history