Mercurial > hg > nginx-quic
annotate src/mail/ngx_mail_ssl_module.h @ 8633:74b43926b470 quic
HTTP/3: fixed segfault when using SSL certificates with variables.
A QUIC connection doesn't have c->log->data and friends initialized to sensible
values. Yet, a request can be created in the certificate callback with such an
assumption, which leads to a segmentation fault due to null pointer dereference
in ngx_http_free_request(). The fix is to adjust initializing the QUIC part of
a connection such that it has all of that in place.
Further, this appends logging error context for unsuccessful QUIC handshakes:
- cannot load certificate .. while handling frames
- SSL_do_handshake() failed .. while sending frames
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 29 Sep 2021 15:01:59 +0300 |
parents | 3bff3f397c05 |
children |
rev | line source |
---|---|
539 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
539 | 5 */ |
6 | |
7 | |
1136 | 8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_ |
9 #define _NGX_MAIL_SSL_H_INCLUDED_ | |
539 | 10 |
11 | |
12 #include <ngx_config.h> | |
13 #include <ngx_core.h> | |
1136 | 14 #include <ngx_mail.h> |
539 | 15 |
16 | |
1136 | 17 #define NGX_MAIL_STARTTLS_OFF 0 |
18 #define NGX_MAIL_STARTTLS_ON 1 | |
19 #define NGX_MAIL_STARTTLS_ONLY 2 | |
583 | 20 |
21 | |
539 | 22 typedef struct { |
976 | 23 ngx_flag_t enable; |
2224 | 24 ngx_flag_t prefer_server_ciphers; |
976 | 25 |
26 ngx_ssl_t ssl; | |
547 | 27 |
2224 | 28 ngx_uint_t starttls; |
7269
7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6550
diff
changeset
|
29 ngx_uint_t listen; |
976 | 30 ngx_uint_t protocols; |
547 | 31 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
32 ngx_uint_t verify; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
33 ngx_uint_t verify_depth; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
34 |
976 | 35 ssize_t builtin_session_cache; |
547 | 36 |
976 | 37 time_t session_timeout; |
573 | 38 |
6550
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
39 ngx_array_t *certificates; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
40 ngx_array_t *certificate_keys; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
41 |
2044 | 42 ngx_str_t dhparam; |
3960 | 43 ngx_str_t ecdh_curve; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
44 ngx_str_t client_certificate; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
45 ngx_str_t trusted_certificate; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
46 ngx_str_t crl; |
539 | 47 |
976 | 48 ngx_str_t ciphers; |
539 | 49 |
5744
42114bf12da0
SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents:
5503
diff
changeset
|
50 ngx_array_t *passwords; |
8182
3bff3f397c05
SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7269
diff
changeset
|
51 ngx_array_t *conf_commands; |
5744
42114bf12da0
SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents:
5503
diff
changeset
|
52 |
976 | 53 ngx_shm_zone_t *shm_zone; |
2224 | 54 |
5503
d049b0ea00a3
SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents:
5425
diff
changeset
|
55 ngx_flag_t session_tickets; |
5425
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4412
diff
changeset
|
56 ngx_array_t *session_ticket_keys; |
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4412
diff
changeset
|
57 |
2224 | 58 u_char *file; |
59 ngx_uint_t line; | |
1136 | 60 } ngx_mail_ssl_conf_t; |
539 | 61 |
62 | |
1136 | 63 extern ngx_module_t ngx_mail_ssl_module; |
539 | 64 |
65 | |
1136 | 66 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */ |