diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2014-01-22 16:05:06 +0400 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2014-01-22 16:05:06 +0400 |
commit | 23ddf1464817e4fe1479427e9aed14c2ae64f44c (patch) | |
tree | 22695e146544db896efd24b5a260852f461c3686 | |
parent | 6b949b3920b0ca0aa2a4e736927a562c13a04376 (diff) | |
download | nginx-23ddf1464817e4fe1479427e9aed14c2ae64f44c.tar.gz |
SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.
Thanks to Ivan Ristić.
-rw-r--r-- | src/event/ngx_event_openssl.c | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 3e289cc5b..9b1804e47 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2229,32 +2229,22 @@ ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) { int len; - u_char *p, *buf; + u_char *buf; SSL_SESSION *sess; sess = SSL_get0_session(c->ssl->connection); - len = i2d_SSL_SESSION(sess, NULL); - - buf = ngx_alloc(len, c->log); - if (buf == NULL) { - return NGX_ERROR; - } + buf = sess->session_id; + len = sess->session_id_length; s->len = 2 * len; s->data = ngx_pnalloc(pool, 2 * len); if (s->data == NULL) { - ngx_free(buf); return NGX_ERROR; } - p = buf; - i2d_SSL_SESSION(sess, &p); - ngx_hex_dump(s->data, buf, len); - ngx_free(buf); - return NGX_OK; } |