[PATCH 2 of 3] PSK: add PSK identity variable

Maxim Dounin mdounin at mdounin.ru
Thu Jun 29 21:19:29 UTC 2017 

Hello!

On Thu, Jun 22, 2017 at 01:24:57PM +0000, Karstens, Nate wrote:

> # HG changeset patch
> # User Nate Karstens <nate.karstens at garmin.com>
> # Date 1498137207 18000
> #      Thu Jun 22 08:13:27 2017 -0500
> # Node ID a4635fa4a0cabf5312cda617b8010ea14279ab1c
> # Parent  3fb3c4928d06029ca1d57853a163c9f56fa90bca
> PSK: add PSK identity variable

Style: "SSL: " prefix, dot.

> 
> Adds the variable $ssl_psk_identity to get the PSK identity
> used in a connnection secured with a PSK cipher suite.
> 
> Signed-off-by: Nate Karstens <nate.karstens at garmin.com>
> 
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c     Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/event/ngx_event_openssl.c     Thu Jun 22 08:13:27 2017 -0500
> @@ -4147,6 +4147,33 @@
>  }
> 
> 
> +ngx_int_t
> +ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
> +{
> +    const char *identity;
> +    size_t      len;

Style: two spaces between type and "*", order from short type to 
long type.

> +
> +    identity = SSL_get_psk_identity(c->ssl->connection);
> +
> +    if (identity == NULL) {
> +        s->len = 0;
> +        return NGX_OK;
> +    }
> +
> +    len = ngx_strlen(identity);
> +
> +    s->data = ngx_pnalloc(pool, len);
> +    if (s->data == NULL) {
> +        return NGX_ERROR;
> +    }
> +
> +    ngx_memcpy(s->data, identity, len);
> +    s->len = len;

Is the allocation of additional buffer is needed here?  For 
example, in ngx_ssl_get_server_name() we simply use the memory 
returned.

> +
> +    return NGX_OK;
> +}
> +
> +
>  static time_t
>  ngx_ssl_parse_time(
>  #if OPENSSL_VERSION_NUMBER > 0x10100000L
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/event/ngx_event_openssl.h
> --- a/src/event/ngx_event_openssl.h     Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/event/ngx_event_openssl.h     Thu Jun 22 08:13:27 2017 -0500
> @@ -233,6 +233,8 @@
>      ngx_str_t *s);
>  ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
>      ngx_str_t *s);
> +ngx_int_t ngx_ssl_get_psk_identity(ngx_connection_t *c, ngx_pool_t *pool,
> +    ngx_str_t *s);
> 
> 
>  ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
> diff -r 3fb3c4928d06 -r a4635fa4a0ca src/http/modules/ngx_http_ssl_module.c
> --- a/src/http/modules/ngx_http_ssl_module.c    Thu Jun 22 08:13:00 2017 -0500
> +++ b/src/http/modules/ngx_http_ssl_module.c    Thu Jun 22 08:13:27 2017 -0500
> @@ -336,6 +336,9 @@
>      { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
>        (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },
> 
> +    { ngx_string("ssl_psk_identity"), NULL, ngx_http_ssl_variable,
> +      (uintptr_t) ngx_ssl_get_psk_identity, NGX_HTTP_VAR_CHANGEABLE, 0 },
> +
>      { ngx_null_string, NULL, NULL, 0, 0, 0 }
>  };
> 
> 
> ________________________________
> 
> CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be Garmin confidential and/or Garmin legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you.
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx-devel mailing list