Google Git
Sign in
nginx/nginx/d02fdbeeeb2867ec513c0de5d045b897645dd694^!/.
commit
d02fdbeeeb2867ec513c0de5d045b897645dd694
[log]
author
Maxim Dounin <mdounin@mdounin.ru>
Mon Dec 05 22:23:22 2016 +0300
committer
Maxim Dounin <mdounin@mdounin.ru>
Mon Dec 05 22:23:22 2016 +0300
tree
f32106af5065012fac4fe660f44c85c022ba1b26
parent
5759d82deb54f96fb86e79782341bacd13599995 [diff]
OCSP stapling: improved error logging context.

It now logs the IP address of the responder used (if it's already known),
as well as the certificate name.

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index eadaede..2100516 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c

@@ -47,6 +47,8 @@
     X509                        *cert;
     X509                        *issuer;
 
+    u_char                      *name;
+
     ngx_uint_t                   naddrs;
 
     ngx_addr_t                  *addrs;
@@ -559,6 +561,7 @@
 
     ctx->cert = staple->cert;
     ctx->issuer = staple->issuer;
+    ctx->name = staple->name;
 
     ctx->addrs = staple->addrs;
     ctx->host = staple->host;
@@ -1837,12 +1840,27 @@
     if (log->action) {
         p = ngx_snprintf(buf, len, " while %s", log->action);
         len -= p - buf;
+        buf = p;
     }
 
     ctx = log->data;
 
     if (ctx) {
-        p = ngx_snprintf(p, len, ", responder: %V", &ctx->host);
+        p = ngx_snprintf(buf, len, ", responder: %V", &ctx->host);
+        len -= p - buf;
+        buf = p;
+    }
+
+    if (ctx && ctx->peer.name) {
+        p = ngx_snprintf(buf, len, ", peer: %V", ctx->peer.name);
+        len -= p - buf;
+        buf = p;
+    }
+
+    if (ctx && ctx->name) {
+        p = ngx_snprintf(buf, len, ", certificate: \"%s\"", ctx->name);
+        len -= p - buf;
+        buf = p;
     }
 
     return p;