details: http://hg.nginx.org/nginx/rev/97e3769637a7
branches:
changeset: 5531:97e3769637a7
user: Maxim Dounin <mdou...@mdounin.ru>
date: Wed Jan 22 16:05:06 2014 +0400
description:
SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.
Thanks to Ivan Risti?.
diffstat:
src/event/ngx_event_openssl.c | 16 +++-------------
1 files changed, 3 insertions(+), 13 deletions(-)
diffs (39 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2504,32 +2504,22 @@ ngx_int_t
ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
int len;
- u_char *p, *buf;
+ u_char *buf;
SSL_SESSION *sess;
sess = SSL_get0_session(c->ssl->connection);
- len = i2d_SSL_SESSION(sess, NULL);
-
- buf = ngx_alloc(len, c->log);
- if (buf == NULL) {
- return NGX_ERROR;
- }
+ buf = sess->session_id;
+ len = sess->session_id_length;
s->len = 2 * len;
s->data = ngx_pnalloc(pool, 2 * len);
if (s->data == NULL) {
- ngx_free(buf);
return NGX_ERROR;
}
- p = buf;
- i2d_SSL_SESSION(sess, &p);
-
ngx_hex_dump(s->data, buf, len);
- ngx_free(buf);
-
return NGX_OK;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
