Mercurial > hg > nginx-quic
annotate src/core/ngx_list.c @ 6982:ac9b1df5b246
SSL: disabled renegotiation detection in client mode.
CVE-2009-3555 is no longer relevant and mitigated by the renegotiation
info extension (secure renegotiation). On the other hand, unexpected
renegotiation still introduces potential security risks, and hence we do
not allow renegotiation on the server side, as we never request renegotiation.
On the client side the situation is different though. There are backends
which explicitly request renegotiation, and disabled renegotiation
introduces interoperability problems. This change allows renegotiation
on the client side, and fixes interoperability problems as observed with
such backends (ticket #872).
Additionally, with TLSv1.3 the SSL_CB_HANDSHAKE_START flag is currently set
by OpenSSL when receiving a NewSessionTicket message, and was detected by
nginx as a renegotiation attempt. This looks like a bug in OpenSSL, though
this change also allows better interoperability till the problem is fixed.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 18 Apr 2017 16:08:44 +0300 |
| parents | a82f305487c2 |
| children |
| rev | line source |
|---|---|
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
1 |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
2 /* |
|
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
| 4412 | 4 * Copyright (C) Nginx, Inc. |
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
5 */ |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
6 |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
| 766 | 12 ngx_list_t * |
| 13 ngx_list_create(ngx_pool_t *pool, ngx_uint_t n, size_t size) | |
| 14 { | |
| 15 ngx_list_t *list; | |
| 16 | |
| 17 list = ngx_palloc(pool, sizeof(ngx_list_t)); | |
| 18 if (list == NULL) { | |
| 19 return NULL; | |
| 20 } | |
| 21 | |
|
5253
a82f305487c2
Simplified ngx_list_create().
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
22 if (ngx_list_init(list, pool, n, size) != NGX_OK) { |
| 766 | 23 return NULL; |
| 24 } | |
| 25 | |
| 26 return list; | |
| 27 } | |
| 28 | |
| 29 | |
| 30 void * | |
| 31 ngx_list_push(ngx_list_t *l) | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
32 { |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
33 void *elt; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 ngx_list_part_t *last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 last = l->last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
37 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
38 if (last->nelts == l->nalloc) { |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
39 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
40 /* the last part is full, allocate a new list part */ |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
41 |
| 501 | 42 last = ngx_palloc(l->pool, sizeof(ngx_list_part_t)); |
| 43 if (last == NULL) { | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
44 return NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
| 501 | 47 last->elts = ngx_palloc(l->pool, l->nalloc * l->size); |
| 48 if (last->elts == NULL) { | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
49 return NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
50 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
51 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 last->nelts = 0; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
53 last->next = NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
54 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
55 l->last->next = last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 l->last = last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 elt = (char *) last->elts + l->size * last->nelts; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 last->nelts++; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
61 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 return elt; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 } |