[PATCH] [PATCH 3 of 4] SSL: add PSK identity variable

Nate Karstens nate.karstens at garmin.com
Thu Aug 24 02:22:17 UTC 2017 

# HG changeset patch
# User Nate Karstens <nate.karstens at garmin.com>
# Date 1503540211 18000
#      Wed Aug 23 21:03:31 2017 -0500
# Node ID a11e114a2bcde4afb515dd0b70f3ef39693f475a
# Parent  97953fe374455a04973268c4b2fbadd7ced91ffe
[PATCH 3 of 4] SSL: add PSK identity variable.

Adds the variable $ssl_psk_identity to get the PSK identity
used in a connnection secured with a PSK cipher suite.

Signed-off-by: Nate Karstens <nate.karstens at garmin.com>

diff -r 97953fe37445 -r a11e114a2bcd src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Wed Aug 23 21:00:59 2017 -0500
+++ b/src/event/ngx_event_openssl.c     Wed Aug 23 21:03:31 2017 -0500
@@ -4388,6 +4388,38 @@ ngx_ssl_parse_time(
 }


+ngx_int_t
+ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+#ifdef PSK_MAX_IDENTITY_LEN
+
+    const char  *identity;
+
+    s->len = 0;
+
+    identity = SSL_get_psk_identity(c->ssl->connection);
+
+    if (identity) {
+        s->len = ngx_strlen(identity);
+
+        s->data = ngx_pnalloc(pool, s->len + 1);
+        if (s->data == NULL) {
+            return NGX_ERROR;
+        }
+
+        ngx_cpystrn(s->data, (u_char *) identity, s->len + 1);
+    }
+
+#else
+
+    s->len = 0;
+
+#endif
+
+    return NGX_OK;
+}
+
+
 static void *
 ngx_openssl_create_conf(ngx_cycle_t *cycle)
 {
diff -r 97953fe37445 -r a11e114a2bcd src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h     Wed Aug 23 21:00:59 2017 -0500
+++ b/src/event/ngx_event_openssl.h     Wed Aug 23 21:03:31 2017 -0500
@@ -235,6 +235,8 @@ ngx_int_t ngx_ssl_get_client_v_end(ngx_c
     ngx_str_t *s);
 ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
     ngx_str_t *s);
+ngx_int_t ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool,
+    ngx_str_t *s);


 ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
diff -r 97953fe37445 -r a11e114a2bcd src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c    Wed Aug 23 21:00:59 2017 -0500
+++ b/src/http/modules/ngx_http_ssl_module.c    Wed Aug 23 21:03:31 2017 -0500
@@ -340,6 +340,9 @@ static ngx_http_variable_t  ngx_http_ssl
     { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
       (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },

+    { ngx_string("ssl_psk_identity"), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_psk_identity, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
       ngx_http_null_variable
 };


________________________________

CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be Garmin confidential and/or Garmin legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you.

More information about the nginx-devel mailing list