/*
 * Start an OCSP request for ctx.
 *
 * The request is built first; after that the responder host name is either
 * handed to the resolver (asynchronous, completion is delivered to
 * ngx_ssl_ocsp_resolve_handler) or the connection is started immediately.
 * Every failure path reports through ngx_ssl_ocsp_error(ctx).
 */
static void
ngx_ssl_ocsp_request(ngx_ssl_ocsp_ctx_t *ctx)
{
    ngx_resolver_ctx_t  *rctx, temp;

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
                   "ssl ocsp request");

    if (ngx_ssl_ocsp_create_request(ctx) != NGX_OK) {
        ngx_ssl_ocsp_error(ctx);
        return;
    }

    /* no resolver configured for this context: connect straight away */
    if (!ctx->resolver) {
        ngx_ssl_ocsp_connect(ctx);
        return;
    }

    /* resolve OCSP responder hostname */

    /*
     * NOTE(review): only temp.name is initialised before temp is passed to
     * ngx_resolve_start(); presumably that is the only field it reads --
     * confirm against the resolver.
     */
    temp.name = ctx->host;

    rctx = ngx_resolve_start(ctx->resolver, &temp);

    if (rctx == NULL) {
        ngx_ssl_ocsp_error(ctx);
        return;
    }

    if (rctx == NGX_NO_RESOLVER) {
        /* warn and connect without a lookup */
        ngx_log_error(NGX_LOG_WARN, ctx->log, 0,
                      "no resolver defined to resolve %V", &ctx->host);
        ngx_ssl_ocsp_connect(ctx);
        return;
    }

    rctx->name = ctx->host;
    rctx->type = NGX_RESOLVE_A;
    rctx->handler = ngx_ssl_ocsp_resolve_handler;
    rctx->data = ctx;
    rctx->timeout = ctx->resolver_timeout;

    /* on success the handler continues the request; nothing more to do */
    if (ngx_resolve_name(rctx) != NGX_OK) {
        ngx_ssl_ocsp_error(ctx);
    }
}
/*
 * Resolver completion handler for the OCSP responder host name.
 *
 * On success every resolved address is copied into ctx->pool, the copy is
 * stamped with ctx->port in network byte order, a printable form of the
 * address is stored next to it, and the connection is started.  A resolver
 * error or an allocation failure fails the request through
 * ngx_ssl_ocsp_error().  The resolver context is released with
 * ngx_resolve_name_done() on both paths.
 */
static void
ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
{
    ngx_ssl_ocsp_ctx_t *ctx = resolve->data;

    u_char           *text;
    size_t            n;
    in_port_t         port;
    socklen_t         socklen;
    ngx_uint_t        i;
    ngx_addr_t       *dst;
    struct sockaddr  *sa;

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
                   "ssl ocsp resolve handler");

    if (resolve->state) {
        ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
                      "%V could not be resolved (%i: %s)",
                      &resolve->name, resolve->state,
                      ngx_resolver_strerror(resolve->state));
        goto failed;
    }

#if (NGX_DEBUG)
    {
    u_char     buf[NGX_SOCKADDR_STRLEN];
    ngx_str_t  shown;

    shown.data = buf;

    for (i = 0; i < resolve->naddrs; i++) {
        shown.len = ngx_sock_ntop(resolve->addrs[i].sockaddr,
                                  resolve->addrs[i].socklen,
                                  buf, NGX_SOCKADDR_STRLEN, 0);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
                       "name was resolved to %V", &shown);
    }
    }
#endif

    /*
     * The count is published before the entries are filled in, so on a
     * later allocation failure ctx->addrs is only partly populated.
     */
    ctx->naddrs = resolve->naddrs;
    ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));

    if (ctx->addrs == NULL) {
        goto failed;
    }

    port = htons(ctx->port);

    for (i = 0; i < resolve->naddrs; i++) {

        dst = &ctx->addrs[i];

        /* private copy: the resolver's storage is released below */
        socklen = resolve->addrs[i].socklen;

        sa = ngx_palloc(ctx->pool, socklen);
        if (sa == NULL) {
            goto failed;
        }

        ngx_memcpy(sa, resolve->addrs[i].sockaddr, socklen);

        /*
         * NOTE(review): every family other than AF_INET6 is written through
         * as a sockaddr_in.  This relies on the resolver returning only
         * AF_INET/AF_INET6 results whose socklen matches the family --
         * confirm.
         */
        switch (sa->sa_family) {
#if (NGX_HAVE_INET6)
        case AF_INET6:
            ((struct sockaddr_in6 *) sa)->sin6_port = port;
            break;
#endif
        default: /* AF_INET */
            ((struct sockaddr_in *) sa)->sin_port = port;
        }

        dst->sockaddr = sa;
        dst->socklen = socklen;

        text = ngx_pnalloc(ctx->pool, NGX_SOCKADDR_STRLEN);
        if (text == NULL) {
            goto failed;
        }

        n = ngx_sock_ntop(sa, socklen, text, NGX_SOCKADDR_STRLEN, 1);

        dst->name.len = n;
        dst->name.data = text;
    }

    ngx_resolve_name_done(resolve);

    ngx_ssl_ocsp_connect(ctx);
    return;

failed:

    ngx_resolve_name_done(resolve);
    ngx_ssl_ocsp_error(ctx);
}
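/*
 * Resolver completion handler for the OCSP responder host name
 * (IPv4-only variant: each resolve->addrs[i] is stored directly into
 * sin_addr.s_addr and the family is fixed to AF_INET).
 *
 * On success a sockaddr_in is built in ctx->pool for every resolved address,
 * using ctx->port in network byte order, together with a printable
 * "address:port" name, and the connection is started.  A resolver error or
 * an allocation failure fails the request through ngx_ssl_ocsp_error().
 * The resolver context is released with ngx_resolve_name_done() on both
 * paths.
 */
static void
ngx_ssl_ocsp_resolve_handler(ngx_resolver_ctx_t *resolve)
{
    ngx_ssl_ocsp_ctx_t *ctx = resolve->data;

    u_char              *p;
    size_t               len;
    in_port_t            port;
    ngx_uint_t           i;
    struct sockaddr_in  *sin;

    /*
     * Use the event debug mask, like the other debug calls here; the
     * original passed the NGX_LOG_ALERT severity to the debug macro.
     */
    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
                   "ssl ocsp resolve handler");

    if (resolve->state) {
        ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
                      "%V could not be resolved (%i: %s)",
                      &resolve->name, resolve->state,
                      ngx_resolver_strerror(resolve->state));
        goto failed;
    }

#if (NGX_DEBUG)
    {
    in_addr_t  addr;

    for (i = 0; i < resolve->naddrs; i++) {
        addr = ntohl(resolve->addrs[i]);

        ngx_log_debug4(NGX_LOG_DEBUG_EVENT, ctx->log, 0,
                       "name was resolved to %ud.%ud.%ud.%ud",
                       (addr >> 24) & 0xff, (addr >> 16) & 0xff,
                       (addr >> 8) & 0xff, addr & 0xff);
    }
    }
#endif

    /*
     * The count is published before the entries are filled in, so on a
     * later allocation failure ctx->addrs is only partly populated.
     */
    ctx->naddrs = resolve->naddrs;
    ctx->addrs = ngx_pcalloc(ctx->pool, ctx->naddrs * sizeof(ngx_addr_t));

    if (ctx->addrs == NULL) {
        goto failed;
    }

    port = htons(ctx->port);

    for (i = 0; i < resolve->naddrs; i++) {

        /* zeroed allocation, so sockaddr_in padding is not left undefined */
        sin = ngx_pcalloc(ctx->pool, sizeof(struct sockaddr_in));
        if (sin == NULL) {
            goto failed;
        }

        sin->sin_family = AF_INET;
        sin->sin_port = port;
        sin->sin_addr.s_addr = resolve->addrs[i];

        ctx->addrs[i].sockaddr = (struct sockaddr *) sin;
        ctx->addrs[i].socklen = sizeof(struct sockaddr_in);

        /* room for a dotted-quad address plus the longest ":port" suffix */
        len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;

        p = ngx_pnalloc(ctx->pool, len);
        if (p == NULL) {
            goto failed;
        }

        len = ngx_sock_ntop((struct sockaddr *) sin, p, len, 1);

        ctx->addrs[i].name.len = len;
        ctx->addrs[i].name.data = p;
    }

    ngx_resolve_name_done(resolve);

    ngx_ssl_ocsp_connect(ctx);
    return;

failed:

    ngx_resolve_name_done(resolve);
    ngx_ssl_ocsp_error(ctx);
}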