Mercurial > hg > nginx
view src/core/ngx_md5.h @ 5094:e0a3714a36f8
SNI: reset to default server if requested host was not found.
Not only this is consistent with a case without SNI, but this also
prevents abusing configurations that assume that the $host variable
is limited to one of the configured names for a server.
An example of potentially unsafe configuration:
server {
listen 443 ssl default_server;
...
}
server {
listen 443;
server_name example.com;
location / {
proxy_pass http://$host;
}
}
Note: it is possible to negotiate "example.com" by SNI, and to request
arbitrary host name that does not exist in the configuration above.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 27 Feb 2013 17:38:54 +0000 |
parents | d620f497c50f |
children | 9eefb38f0005 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_MD5_H_INCLUDED_ #define _NGX_MD5_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #if (NGX_HAVE_MD5) #if (NGX_HAVE_OPENSSL_MD5_H) #include <openssl/md5.h> #else #include <md5.h> #endif typedef MD5_CTX ngx_md5_t; #if (NGX_OPENSSL_MD5) #define ngx_md5_init MD5_Init #define ngx_md5_update MD5_Update #define ngx_md5_final MD5_Final #else #define ngx_md5_init MD5Init #define ngx_md5_update MD5Update #define ngx_md5_final MD5Final #endif #else /* !NGX_HAVE_MD5 */ typedef struct { uint64_t bytes; uint32_t a, b, c, d; u_char buffer[64]; } ngx_md5_t; void ngx_md5_init(ngx_md5_t *ctx); void ngx_md5_update(ngx_md5_t *ctx, const void *data, size_t size); void ngx_md5_final(u_char result[16], ngx_md5_t *ctx); #endif #endif /* _NGX_MD5_H_INCLUDED_ */