diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2021-03-24 16:38:05 +0300 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2021-03-24 16:38:05 +0300 |
| commit | a6c6dcf5f7856a96881373a2dbd1f14bda396c45 (patch) | |
| tree | 5e31f8fb8a2ae01a7af8093d352de16a15c10646 /src/nxt_cert.c | |
| parent | f18a41c84bb573607eaab9fec0c070cd159493f0 (diff) | |
| download | unit-a6c6dcf5f7856a96881373a2dbd1f14bda396c45.tar.gz unit-a6c6dcf5f7856a96881373a2dbd1f14bda396c45.tar.bz2 | |
Certificates: moved SAN processing to a separate function.
No functional changes.
Diffstat (limited to 'src/nxt_cert.c')
| -rw-r--r-- | src/nxt_cert.c | 92 |
1 files changed, 56 insertions, 36 deletions
diff --git a/src/nxt_cert.c b/src/nxt_cert.c index 0b986b0d..f3f4bace 100644 --- a/src/nxt_cert.c +++ b/src/nxt_cert.c @@ -46,6 +46,8 @@ static int nxt_nxt_cert_pem_suffix(char *pem_str, const char *suffix); static nxt_conf_value_t *nxt_cert_details(nxt_mp_t *mp, nxt_cert_t *cert); static nxt_conf_value_t *nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer); +static nxt_conf_value_t *nxt_cert_alt_names_details(nxt_mp_t *mp, + STACK_OF(GENERAL_NAME) *alt_names); static nxt_lvlhsh_t nxt_cert_info; @@ -654,7 +656,6 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer) nxt_str_t str; nxt_int_t ret; nxt_uint_t i, n, count; - GENERAL_NAME *name; nxt_conf_value_t *object, *names; STACK_OF(GENERAL_NAME) *alt_names; u_char buf[256]; @@ -721,46 +722,14 @@ nxt_cert_name_details(nxt_mp_t *mp, X509 *x509, nxt_bool_t issuer) } if (alt_names != NULL) { - count = sk_GENERAL_NAME_num(alt_names); - n = 0; + names = nxt_cert_alt_names_details(mp, alt_names); - for (i = 0; i != count; i++) { - name = sk_GENERAL_NAME_value(alt_names, i); - - if (name->type != GEN_DNS) { - continue; - } - - n++; - } + sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); - names = nxt_conf_create_array(mp, n); if (nxt_slow_path(names == NULL)) { - goto fail; - } - - for (n = 0, i = 0; n != count; n++) { - name = sk_GENERAL_NAME_value(alt_names, n); - - if (name->type != GEN_DNS) { - continue; - } - - str.length = ASN1_STRING_length(name->d.dNSName); -#if OPENSSL_VERSION_NUMBER > 0x10100000L - str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName); -#else - str.start = ASN1_STRING_data(name->d.dNSName); -#endif - - ret = nxt_conf_set_element_string_dup(names, mp, i++, &str); - if (nxt_slow_path(ret != NXT_OK)) { - goto fail; - } + return NULL; } - sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free); - nxt_conf_set_member(object, &alt_names_str, names, 1); } @@ -776,6 +745,57 @@ fail: } +static nxt_conf_value_t * +nxt_cert_alt_names_details(nxt_mp_t *mp, STACK_OF(GENERAL_NAME) *alt_names) +{ + nxt_str_t str; + nxt_int_t ret; + nxt_uint_t i, n, count; + GENERAL_NAME *name; + nxt_conf_value_t *array; + + count = sk_GENERAL_NAME_num(alt_names); + n = 0; + + for (i = 0; i != count; i++) { + name = sk_GENERAL_NAME_value(alt_names, i); + + if (name->type != GEN_DNS) { + continue; + } + + n++; + } + + array = nxt_conf_create_array(mp, n); + if (nxt_slow_path(array == NULL)) { + return NULL; + } + + for (n = 0, i = 0; n != count; n++) { + name = sk_GENERAL_NAME_value(alt_names, n); + + if (name->type != GEN_DNS) { + continue; + } + + str.length = ASN1_STRING_length(name->d.dNSName); +#if OPENSSL_VERSION_NUMBER > 0x10100000L + str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName); +#else + str.start = ASN1_STRING_data(name->d.dNSName); +#endif + + ret = nxt_conf_set_element_string_dup(array, mp, i++, &str); + if (nxt_slow_path(ret != NXT_OK)) { + return NULL; + } + } + + return array; +} + + nxt_int_t nxt_cert_info_delete(nxt_str_t *name) { |