SSL: fixed $ssl_session_id variable.

Previously, it used to contain full session serialized instead of just a session id, making it almost impossible to use the variable in a safe way. Thanks to Ivan Ristić.
author: Maxim Dounin <mdounin@mdounin.ru> 2014-01-22 16:05:06 +0400
committer: Maxim Dounin <mdounin@mdounin.ru> 2014-01-22 16:05:06 +0400
commit: 23ddf1464817e4fe1479427e9aed14c2ae64f44c (patch)
tree: 22695e146544db896efd24b5a260852f461c3686
parent: 6b949b3920b0ca0aa2a4e736927a562c13a04376 (diff)
download: nginx-23ddf1464817e4fe1479427e9aed14c2ae64f44c.tar.gz
1 files changed, 3 insertions, 13 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3e289cc5b..9b1804e47 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2229,32 +2229,22 @@ ngx_int_t
 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
     int           len;
-    u_char       *p, *buf;
+    u_char       *buf;
     SSL_SESSION  *sess;
 
     sess = SSL_get0_session(c->ssl->connection);
 
-    len = i2d_SSL_SESSION(sess, NULL);
-
-    buf = ngx_alloc(len, c->log);
-    if (buf == NULL) {
-        return NGX_ERROR;
-    }
+    buf = sess->session_id;
+    len = sess->session_id_length;
 
     s->len = 2 * len;
     s->data = ngx_pnalloc(pool, 2 * len);
     if (s->data == NULL) {
-        ngx_free(buf);
         return NGX_ERROR;
     }
 
-    p = buf;
-    i2d_SSL_SESSION(sess, &p);
-
     ngx_hex_dump(s->data, buf, len);
 
-    ngx_free(buf);
-
     return NGX_OK;
 }
author	Maxim Dounin <mdounin@mdounin.ru>	2014-01-22 16:05:06 +0400
committer	Maxim Dounin <mdounin@mdounin.ru>	2014-01-22 16:05:06 +0400
commit	23ddf1464817e4fe1479427e9aed14c2ae64f44c (patch)
tree	22695e146544db896efd24b5a260852f461c3686
parent	6b949b3920b0ca0aa2a4e736927a562c13a04376 (diff)
download	nginx-23ddf1464817e4fe1479427e9aed14c2ae64f44c.tar.gz