
Check SCTs to auto-detect which to attach to a certificate #27

Open
wants to merge 23 commits into
base: master
2b3fa6c
chg: Verify SCTs before attaching them to a configured certificate
BenBE May 13, 2017
843706d
fix: Several compilation issues
BenBE Jul 11, 2017
ffe9120
fix: CT Log Information Config File directive implementation was broken
BenBE Jul 11, 2017
ee728b6
fix: Incomplete previous fix
BenBE Jul 11, 2017
301d346
fix: Even more fixes
BenBE Jul 11, 2017
d166056
fix: Properly make the ssl_ct_log directive optional
BenBE Jul 11, 2017
ef16b31
Properly merge CT-Log config from parent context
BenBE Jul 11, 2017
b730131
chg: Be less strict about number of SCT directories and where to enable
BenBE Jul 11, 2017
0f918eb
fix: Properly access array elements
BenBE Jul 11, 2017
f35e984
fix: Proper underlaying array type
BenBE Jul 11, 2017
16d7ac4
add: Lots of logging for errors
BenBE Jul 13, 2017
3eeb006
del: Remove invalid check causing early abort
BenBE Jul 13, 2017
6ffbbac
add: Set explicit timestamp for verification
BenBE Jul 15, 2017
07f455c
add: Make the certificate subject available for logging
BenBE Jul 15, 2017
acb3336
fix: Fill out any fields OpenSSL might expect us to fill
BenBE Jul 15, 2017
b36d54a
fmt: Be somewhat more explicit when performing checks
BenBE Jul 15, 2017
7241617
fix: Increase storage pointer by size of SCT plus size of length field
BenBE Jul 15, 2017
4a637c5
chg: Lower the debug level for certain messages
BenBE Jul 15, 2017
3eda0e5
chg: More refined logging
BenBE Jul 15, 2017
6466991
chg: Refine some conditions
BenBE Jul 15, 2017
2917e15
chg: Make ngx_ssl_ct_ext_cb private-use only
BenBE Dec 7, 2024
badf911
del: Drop anchient OpenSSL version support
BenBE Dec 7, 2024
71bf4d2
chg: Update implementation for nginx >= 1.27.2
BenBE Dec 7, 2024
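--- a/ngx_http_ssl_ct_module.c
+++ b/ngx_http_ssl_ct_module.c
@@ -51,6 +51,14 @@ static ngx_command_t ngx_http_ssl_ct_commands[] = {
 offsetof(ngx_ssl_ct_srv_conf_t, sct_dirs),
 NULL
 },
+{
+ngx_string("ssl_ct_log"),
+NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_CONF_TAKE1,
+&ngx_conf_set_str_slot,
+NGX_HTTP_SRV_CONF_OFFSET,
+offsetof(ngx_ssl_ct_srv_conf_t, ctlog),
+NULL
+},
 ngx_null_command
 };
 
@@ -74,17 +82,5 @@ static char *ngx_http_ssl_ct_merge_srv_conf(ngx_conf_t *cf, void *parent,
 ngx_http_ssl_srv_conf_t *ssl_conf = ngx_http_conf_get_module_srv_conf(cf,
 ngx_http_ssl_module);
 
-ngx_array_t *certificates;
-
-#if nginx_version >= 1011000
-certificates = ssl_conf->certificates;
-#else
-certificates = ngx_array_create(cf->pool, 1, sizeof(ngx_str_t));
-
-ngx_str_t *certificate = ngx_array_push(certificates);
-*certificate = ssl_conf->certificate;
-#endif
-
-return ngx_ssl_ct_merge_srv_conf(cf, parent, child, ssl_conf->ssl.ctx,
-certificates);
+return ngx_ssl_ct_merge_srv_conf(cf, parent, child, &ssl_conf->ssl);
 }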
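Review bot: The new `ssl_ct_log` entry in `ngx_http_ssl_ct_commands[]` carries no comment saying what its argument is, and `ngx_conf_set_str_slot` stores that argument verbatim in `ctlog`. The commit list describes it as a CT log information config file, so it is presumably a path; whether it is resolved against the nginx prefix, and whether an unreadable file aborts configuration instead of leaving SCTs attached unverified, is decided in code not shown in this section and should be confirmed there. I would add above the entry `/* ssl_ct_log <file>: optional CT log list used to verify SCTs before they are attached */`. The identical entry in ngx_mail_ssl_ct_module.c needs the same comment.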
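--- a/ngx_mail_ssl_ct_module.c
+++ b/ngx_mail_ssl_ct_module.c
@@ -47,6 +47,14 @@ static ngx_command_t ngx_mail_ssl_ct_commands[] = {
 offsetof(ngx_ssl_ct_srv_conf_t, sct_dirs),
 NULL
 },
+{
+ngx_string("ssl_ct_log"),
+NGX_MAIL_MAIN_CONF | NGX_MAIL_SRV_CONF | NGX_CONF_TAKE1,
+&ngx_conf_set_str_slot,
+NGX_MAIL_SRV_CONF_OFFSET,
+offsetof(ngx_ssl_ct_srv_conf_t, ctlog),
+NULL
+},
 ngx_null_command
 };
 
@@ -70,17 +78,5 @@ static char *ngx_mail_ssl_ct_merge_srv_conf(ngx_conf_t *cf, void *parent,
 ngx_mail_ssl_conf_t *ssl_conf = ngx_mail_conf_get_module_srv_conf(cf,
 ngx_mail_ssl_module);
 
-ngx_array_t *certificates;
-
-#if nginx_version >= 1011000
-certificates = ssl_conf->certificates;
-#else
-certificates = ngx_array_create(cf->pool, 1, sizeof(ngx_str_t));
-
-ngx_str_t *certificate = ngx_array_push(certificates);
-*certificate = ssl_conf->certificate;
-#endif
-
-return ngx_ssl_ct_merge_srv_conf(cf, parent, child, ssl_conf->ssl.ctx,
-certificates);
+return ngx_ssl_ct_merge_srv_conf(cf, parent, child, &ssl_conf->ssl);
 }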
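Review bot: Removing the `#if nginx_version >= 1011000` branch leaves `ngx_mail_ssl_ct_merge_srv_conf` with no statement of the nginx version it now requires, although the last commit title says the implementation targets nginx >= 1.27.2. Against an older tree the call with `&ssl_conf->ssl` would probably still compile here, and any failure would surface inside the shared merge code, which is not visible on this page. A guard next to the includes, `#if nginx_version < 1027002` / `#error "nginx >= 1.27.2 is required"` / `#endif`, would make the requirement explicit at build time. ngx_http_ssl_ct_module.c has the same change and wants the same guard; the function body starts above this hunk.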