[PATCH] OCSP stapling: fix error logging of successful OCSP responses.

Piotr Sikora piotr at cloudflare.com
Thu May 16 22:42:01 UTC 2013


changeset:   5215:cfab1e7e4ac2
user:        Piotr Sikora <piotr at cloudflare.com>
date:        Thu May 16 15:37:13 2013 -0700
files:       src/event/ngx_event_openssl_stapling.c
description:
OCSP stapling: fix error logging of successful OCSP responses.

Due to a bad argument list, nginx worker would crash (SIGSEGV) while
trying to log the fact that it received OCSP response with "revoked"
or "unknown" certificate status.

While there, fix similar (but non-crashing) error a few lines above.

Signed-off-by: Piotr Sikora <piotr at cloudflare.com>


diff -r 2220de0521ca -r cfab1e7e4ac2 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c    Thu May 09 10:54:28 2013 +0200
+++ b/src/event/ngx_event_openssl_stapling.c    Thu May 16 15:37:13 2013 -0700
@@ -611,15 +611,14 @@
         != 1)
     {
         ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
-                      "certificate status not found in the OCSP response",
-                      n, OCSP_response_status_str(n));
+                      "certificate status not found in the OCSP response");
         goto error;
     }

     if (n != V_OCSP_CERTSTATUS_GOOD) {
         ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
                       "certificate status \"%s\" in the OCSP response",
-                      n, OCSP_cert_status_str(n));
+                      OCSP_cert_status_str(n));
         goto error;
     }



More information about the nginx-devel mailing list