nxt_cert.c (1820:e969cea13cc3) nxt_cert.c (1821:e1b1c9b16820)
1
2/*
3 * Copyright (C) Valentin V. Bartenev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 32 unchanged lines hidden (view full) ---

41
42static nxt_cert_t *nxt_cert_fd(nxt_task_t *task, nxt_fd_t fd);
43static nxt_cert_t *nxt_cert_bio(nxt_task_t *task, BIO *bio);
44static int nxt_nxt_cert_pem_suffix(char *pem_str, const char *suffix);
45
46static nxt_conf_value_t *nxt_cert_details(nxt_mp_t *mp, nxt_cert_t *cert);
47static nxt_conf_value_t *nxt_cert_name_details(nxt_mp_t *mp, X509 *x509,
48 nxt_bool_t issuer);
1
2/*
3 * Copyright (C) Valentin V. Bartenev
4 * Copyright (C) NGINX, Inc.
5 */
6
7#include <nxt_main.h>
8#include <nxt_conf.h>

--- 32 unchanged lines hidden (view full) ---

41
42static nxt_cert_t *nxt_cert_fd(nxt_task_t *task, nxt_fd_t fd);
43static nxt_cert_t *nxt_cert_bio(nxt_task_t *task, BIO *bio);
44static int nxt_nxt_cert_pem_suffix(char *pem_str, const char *suffix);
45
46static nxt_conf_value_t *nxt_cert_details(nxt_mp_t *mp, nxt_cert_t *cert);
47static nxt_conf_value_t *nxt_cert_name_details(nxt_mp_t *mp, X509 *x509,
48 nxt_bool_t issuer);
49static nxt_conf_value_t *nxt_cert_alt_names_details(nxt_mp_t *mp,
50 STACK_OF(GENERAL_NAME) *alt_names);
49
50
51static nxt_lvlhsh_t nxt_cert_info;
52
53
54nxt_cert_t *
55nxt_cert_mem(nxt_task_t *task, nxt_buf_mem_t *mbuf)
56{

--- 592 unchanged lines hidden (view full) ---

649static nxt_conf_value_t *
650nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
651{
652 int len;
653 X509_NAME *x509_name;
654 nxt_str_t str;
655 nxt_int_t ret;
656 nxt_uint_t i, n, count;
51
52
53static nxt_lvlhsh_t nxt_cert_info;
54
55
56nxt_cert_t *
57nxt_cert_mem(nxt_task_t *task, nxt_buf_mem_t *mbuf)
58{

--- 592 unchanged lines hidden (view full) ---

651static nxt_conf_value_t *
652nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer)
653{
654 int len;
655 X509_NAME *x509_name;
656 nxt_str_t str;
657 nxt_int_t ret;
658 nxt_uint_t i, n, count;
657 GENERAL_NAME *name;
658 nxt_conf_value_t *object, *names;
659 STACK_OF(GENERAL_NAME) *alt_names;
660 u_char buf[256];
661
662 static nxt_cert_nid_t nids[] = {
663 { NID_commonName, nxt_string("common_name") },
664 { NID_countryName, nxt_string("country") },
665 { NID_stateOrProvinceName, nxt_string("state_or_province") },

--- 50 unchanged lines hidden (view full) ---

716 ret = nxt_conf_set_member_string_dup(object, mp, &nids[n].name,
717 &str, i++);
718 if (nxt_slow_path(ret != NXT_OK)) {
719 goto fail;
720 }
721 }
722
723 if (alt_names != NULL) {
659 nxt_conf_value_t *object, *names;
660 STACK_OF(GENERAL_NAME) *alt_names;
661 u_char buf[256];
662
663 static nxt_cert_nid_t nids[] = {
664 { NID_commonName, nxt_string("common_name") },
665 { NID_countryName, nxt_string("country") },
666 { NID_stateOrProvinceName, nxt_string("state_or_province") },

--- 50 unchanged lines hidden (view full) ---

717 ret = nxt_conf_set_member_string_dup(object, mp, &nids[n].name,
718 &str, i++);
719 if (nxt_slow_path(ret != NXT_OK)) {
720 goto fail;
721 }
722 }
723
724 if (alt_names != NULL) {
724 count = sk_GENERAL_NAME_num(alt_names);
725 n = 0;
725 names = nxt_cert_alt_names_details(mp, alt_names);
726
726
727 for (i = 0; i != count; i++) {
728 name = sk_GENERAL_NAME_value(alt_names, i);
727 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
729
728
730 if (name->type != GEN_DNS) {
731 continue;
732 }
733
734 n++;
735 }
736
737 names = nxt_conf_create_array(mp, n);
738 if (nxt_slow_path(names == NULL)) {
729 if (nxt_slow_path(names == NULL)) {
739 goto fail;
730 return NULL;
740 }
741
731 }
732
742 for (n = 0, i = 0; n != count; n++) {
743 name = sk_GENERAL_NAME_value(alt_names, n);
744
745 if (name->type != GEN_DNS) {
746 continue;
747 }
748
749 str.length = ASN1_STRING_length(name->d.dNSName);
750#if OPENSSL_VERSION_NUMBER > 0x10100000L
751 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
752#else
753 str.start = ASN1_STRING_data(name->d.dNSName);
754#endif
755
756 ret = nxt_conf_set_element_string_dup(names, mp, i++, &str);
757 if (nxt_slow_path(ret != NXT_OK)) {
758 goto fail;
759 }
760 }
761
762 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
763
764 nxt_conf_set_member(object, &alt_names_str, names, 1);
765 }
766
767 return object;
768
769fail:
770
771 if (alt_names != NULL) {
772 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
773 }
774
775 return NULL;
776}
777
778
733 nxt_conf_set_member(object, &alt_names_str, names, 1);
734 }
735
736 return object;
737
738fail:
739
740 if (alt_names != NULL) {
741 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
742 }
743
744 return NULL;
745}
746
747
748static nxt_conf_value_t *
749nxt_cert_alt_names_details(nxt_mp_t *mp, STACK_OF(GENERAL_NAME) *alt_names)
750{
751 nxt_str_t str;
752 nxt_int_t ret;
753 nxt_uint_t i, n, count;
754 GENERAL_NAME *name;
755 nxt_conf_value_t *array;
756
757 count = sk_GENERAL_NAME_num(alt_names);
758 n = 0;
759
760 for (i = 0; i != count; i++) {
761 name = sk_GENERAL_NAME_value(alt_names, i);
762
763 if (name->type != GEN_DNS) {
764 continue;
765 }
766
767 n++;
768 }
769
770 array = nxt_conf_create_array(mp, n);
771 if (nxt_slow_path(array == NULL)) {
772 return NULL;
773 }
774
775 for (n = 0, i = 0; n != count; n++) {
776 name = sk_GENERAL_NAME_value(alt_names, n);
777
778 if (name->type != GEN_DNS) {
779 continue;
780 }
781
782 str.length = ASN1_STRING_length(name->d.dNSName);
783#if OPENSSL_VERSION_NUMBER > 0x10100000L
784 str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
785#else
786 str.start = ASN1_STRING_data(name->d.dNSName);
787#endif
788
789 ret = nxt_conf_set_element_string_dup(array, mp, i++, &str);
790 if (nxt_slow_path(ret != NXT_OK)) {
791 return NULL;
792 }
793 }
794
795 return array;
796}
797
798
779nxt_int_t
780nxt_cert_info_delete(nxt_str_t *name)
781{
782 nxt_int_t ret;
783 nxt_cert_info_t *info;
784 nxt_lvlhsh_query_t lhq;
785
786 lhq.key_hash = nxt_djb_hash(name->start, name->length);

--- 416 unchanged lines hidden ---
799nxt_int_t
800nxt_cert_info_delete(nxt_str_t *name)
801{
802 nxt_int_t ret;
803 nxt_cert_info_t *info;
804 nxt_lvlhsh_query_t lhq;
805
806 lhq.key_hash = nxt_djb_hash(name->start, name->length);

--- 416 unchanged lines hidden ---
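Review bot: The new helper nxt_cert_alt_names_details() stores the `int` result of `sk_GENERAL_NAME_num(alt_names)` in the unsigned `count` and then dereferences `name->type` unchecked, so it is only safe because the one caller visible here tests `alt_names != NULL` first. For a NULL stack OpenSSL returns -1 from that call, which would become a very large `count`, and `sk_GENERAL_NAME_value()` returns NULL once the index runs past the end. Now that the code is a separate function, I would state the contract above it, e.g. `/* alt_names must be non-NULL; the caller keeps ownership and frees the stack. */`, or read the count into an `int` and return early when it is not positive. As a style point, the second loop uses `n` as the stack index and `i` as the output index, the reverse of the first loop; a dedicated name for the output index would make the copy loop easier to audit.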