﻿id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
342	ssl hash of subject and issuer dn	Alfred Reibenschuh		"The following patch makes the (Open)SSL hash of the issuer and subject DN available as variables, in addition to the normal DN.


diff -ur nginx-1.4.0/src/event/ngx_event_openssl.c nginx-1.4.0.patched/src/event/ngx_event_openssl.c
--- nginx-1.4.0/src/event/ngx_event_openssl.c	2013-02-23 12:54:25.000000000 +0100
+++ nginx-1.4.0.patched/src/event/ngx_event_openssl.c	2013-04-26 15:14:16.506854085 +0200
@@ -2391,6 +2391,41 @@
 
 
 ngx_int_t
+ngx_ssl_get_subject_hash(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    size_t      len;
+    X509       *cert;
+    X509_NAME  *name;
+
+    s->len = 0;
+
+    cert = SSL_get_peer_certificate(c->ssl->connection);
+    if (cert == NULL) {
+        return NGX_OK;
+    }
+
+    name = X509_get_subject_name(cert);
+    if (name == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    s->len = 16;
+    s->data = ngx_pnalloc(pool, 16);
+    if (s->data == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    len = sprintf((char*)s->data, ""%08lX"", X509_NAME_hash(name));
+
+    X509_free(cert);
+
+    return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
     char       *p;
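Review bot: `s->len = 16` in ngx_ssl_get_subject_hash is never corrected after the `sprintf`, which for a 32-bit hash value writes eight hex digits plus a NUL into a 16-byte `ngx_pnalloc` buffer that is not zeroed. The variable's value would therefore carry the terminator and seven bytes of uninitialised pool memory into logs, headers or upstream requests. The count stored in `len` is unused; set the length from it with `s->len = len;`, or use nginx's bounded formatter, `s->len = ngx_snprintf(s->data, 16, "%08Xl", X509_NAME_hash(name)) - s->data;`. ngx_ssl_get_issuer_hash in the next hunk has the same defect, and the two bodies differ only in the name accessor, so a shared static helper would keep the fix in one place.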
@@ -2431,6 +2466,40 @@
     return NGX_OK;
 }
 
+ngx_int_t
+ngx_ssl_get_issuer_hash(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+    size_t      len;
+    X509       *cert;
+    X509_NAME  *name;
+
+    s->len = 0;
+
+    cert = SSL_get_peer_certificate(c->ssl->connection);
+    if (cert == NULL) {
+        return NGX_OK;
+    }
+
+    name = X509_get_issuer_name(cert);
+    if (name == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    s->len = 16;
+    s->data = ngx_pnalloc(pool, 16);
+    if (s->data == NULL) {
+        X509_free(cert);
+        return NGX_ERROR;
+    }
+
+    len = sprintf((char*)s->data, ""%08lX"", X509_NAME_hash(name));
+
+    X509_free(cert);
+
+    return NGX_OK;
+}
+
 
 ngx_int_t
 ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
diff -ur nginx-1.4.0/src/event/ngx_event_openssl.h nginx-1.4.0.patched/src/event/ngx_event_openssl.h
--- nginx-1.4.0/src/event/ngx_event_openssl.h	2012-10-03 17:24:08.000000000 +0200
+++ nginx-1.4.0.patched/src/event/ngx_event_openssl.h	2013-04-26 15:11:49.966886008 +0200
@@ -145,10 +145,10 @@
     ngx_str_t *s);
 ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
     ngx_str_t *s);
-ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
-    ngx_str_t *s);
-ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
-    ngx_str_t *s);
+ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s);
+ngx_int_t ngx_ssl_get_subject_hash(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s);
+ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s);
+ngx_int_t ngx_ssl_get_issuer_hash(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s);
 ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
     ngx_str_t *s);
 ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
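Review bot: The existing ngx_ssl_get_subject_dn and ngx_ssl_get_issuer_dn prototypes are re-wrapped onto single long lines here, which is unrelated churn and breaks the two-line wrapping that every neighbouring prototype uses. Leave those two declarations as they were and add the new ones in the same shape, i.e. `ngx_int_t ngx_ssl_get_subject_hash(ngx_connection_t *c, ngx_pool_t *pool,` followed by `    ngx_str_t *s);`. The declaration list starts and ends outside the hunk.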
diff -ur nginx-1.4.0/src/http/modules/ngx_http_ssl_module.c nginx-1.4.0.patched/src/http/modules/ngx_http_ssl_module.c
--- nginx-1.4.0/src/http/modules/ngx_http_ssl_module.c	2013-03-20 11:36:57.000000000 +0100
+++ nginx-1.4.0.patched/src/http/modules/ngx_http_ssl_module.c	2013-04-26 14:57:00.796853986 +0200
@@ -254,6 +254,12 @@
     { ngx_string(""ssl_client_i_dn""), NULL, ngx_http_ssl_variable,
       (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
+    { ngx_string(""ssl_client_s_hash""), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_subject_hash, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
+    { ngx_string(""ssl_client_i_hash""), NULL, ngx_http_ssl_variable,
+      (uintptr_t) ngx_ssl_get_issuer_hash, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
     { ngx_string(""ssl_client_serial""), NULL, ngx_http_ssl_variable,
       (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
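Review bot: The new `ssl_client_s_hash` and `ssl_client_i_hash` entries sit beside `ssl_client_s_dn` and `ssl_client_i_dn` and are likely to be used the same way in `map`/`if` rules, yet nothing states what the value is. Going by the `%08lX` format in the getters it is a short name hash (32 bits, if `X509_NAME_hash` returns OpenSSL's directory-lookup hash as expected), which is not collision-resistant and may differ between OpenSSL versions. I would add a comment above the entries, `/* short OpenSSL name hash (c_rehash style); lookup key only, not an identity check */`, and repeat the caveat in the variable documentation. The variable table continues outside the hunk.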
"	enhancement	closed	major		nginx-module		wontfix	ssl		Linux NMFMQ1 2.6.32-042stab053.5 #1 SMP Tue Mar 27 11:42:17 MSD 2012 x86_64 x86_64 x86_64 GNU/Linux	"nginx version: nginx/1.4.0
"
