Mercurial > hg > nginx
view contrib/geo2nginx.pl @ 8871:74b43926b470 quic
HTTP/3: fixed segfault when using SSL certificates with variables.
A QUIC connection doesn't have c->log->data and friends initialized to sensible
values. Yet, a request can be created in the certificate callback with such an
assumption, which leads to a segmentation fault due to null pointer dereference
in ngx_http_free_request(). The fix is to adjust initializing the QUIC part of
a connection such that it has all of that in place.
Further, this appends logging error context for unsuccessful QUIC handshakes:
- cannot load certificate .. while handling frames
- SSL_do_handshake() failed .. while sending frames
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 29 Sep 2021 15:01:59 +0300 |
| parents | c9ad0d9c7d59 |
| children |
line wrap: on
line source
#!/usr/bin/perl -w # (c) Andrei Nigmatulin, 2005 # # this script provided "as is", without any warranties. use it at your own risk. # # special thanx to Andrew Sitnikov for perl port # # this script converts CSV geoip database (free download at http://www.maxmind.com/app/geoip_country) # to format, suitable for use with nginx_http_geo module (http://sysoev.ru/nginx) # # for example, line with ip range # # "62.16.68.0","62.16.127.255","1041253376","1041268735","RU","Russian Federation" # # will be converted to four subnetworks: # # 62.16.68.0/22 RU; # 62.16.72.0/21 RU; # 62.16.80.0/20 RU; # 62.16.96.0/19 RU; use warnings; use strict; while( <STDIN> ){ if (/"[^"]+","[^"]+","([^"]+)","([^"]+)","([^"]+)"/){ print_subnets($1, $2, $3); } } sub print_subnets { my ($a1, $a2, $c) = @_; my $l; while ($a1 <= $a2) { for ($l = 0; ($a1 & (1 << $l)) == 0 && ($a1 + ((1 << ($l + 1)) - 1)) <= $a2; $l++){}; print long2ip($a1) . "/" . (32 - $l) . " " . $c . ";\n"; $a1 += (1 << $l); } } sub long2ip { my $ip = shift; my $str = 0; $str = ($ip & 255); $ip >>= 8; $str = ($ip & 255).".$str"; $ip >>= 8; $str = ($ip & 255).".$str"; $ip >>= 8; $str = ($ip & 255).".$str"; }