Mercurial > hg > nginx-vendor-current

diff src/http/ngx_http_request.c @ 636:943566b4d82e NGINX_1_1_2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 1.1.2 *) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response. *) Feature: the "max_ranges" directive. *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and "ssl_prefer_server_ciphers" directives might work incorrectly if SNI was used. *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort" directives.
author Igor Sysoev <http://sysoev.ru>
date Mon, 05 Sep 2011 00:00:00 +0400
parents 5b73504dd4ba
children 6f21ae02fb01
line wrap: on
line diff
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -673,6 +673,24 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
 
     SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
 
+    /*
+     * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
+     * adjust other things we care about
+     */
+
+    SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
+                   SSL_CTX_get_verify_callback(sscf->ssl.ctx));
+
+    SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
+
+#ifdef SSL_CTRL_CLEAR_OPTIONS
+    /* only in 0.9.8m+ */
+    SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
+                                ~SSL_CTX_get_options(sscf->ssl.ctx));
+#endif
+
+    SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+
     return SSL_TLSEXT_ERR_OK;
 }