Mercurial > hg > nginx-quic
annotate conf/uwsgi_params @ 7367:bf1ac3dc1e68
SSL: fixed segfault on renegotiation (ticket #1646).
In e3ba4026c02d (1.15.4) nginx own renegotiation checks were disabled
if SSL_OP_NO_RENEGOTIATION is available. But since SSL_OP_NO_RENEGOTIATION
is only set on a connection, not in an SSL context, SSL_clear_option()
removed it as long as a matching virtual server was found. This resulted
in a segmentation fault similar to the one fixed in a6902a941279 (1.9.8),
affecting nginx built with OpenSSL 1.1.0h or higher.
To fix this, SSL_OP_NO_RENEGOTIATION is now explicitly set in
ngx_http_ssl_servername() after adjusting options. Additionally, instead
of c->ssl->renegotiation we now check c->ssl->handshaked, which seems
to be a more correct flag to test, and will prevent the segmentation fault
from happening even if SSL_OP_NO_RENEGOTIATION is not working.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 02 Oct 2018 17:46:18 +0300 |
parents | 62869a9b2e7d |
children |
rev | line source |
---|---|
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 uwsgi_param QUERY_STRING $query_string; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
3 uwsgi_param REQUEST_METHOD $request_method; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 uwsgi_param CONTENT_TYPE $content_type; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 uwsgi_param CONTENT_LENGTH $content_length; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 uwsgi_param REQUEST_URI $request_uri; |
3542
9bf51b3fc1c1
style fix: remove tabs and trailing spaces
Igor Sysoev <igor@sysoev.ru>
parents:
3541
diff
changeset
|
8 uwsgi_param PATH_INFO $document_uri; |
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 uwsgi_param DOCUMENT_ROOT $document_root; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 uwsgi_param SERVER_PROTOCOL $server_protocol; |
6168
62869a9b2e7d
Added the REQUEST_SCHEME parameter.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4333
diff
changeset
|
11 uwsgi_param REQUEST_SCHEME $scheme; |
4333
352a7b025f2e
Added HTTPS param with Apache-like behaviour to fastcgi/scgi/uwsgi_params (fixes #38).
Valentin Bartenev <vbart@nginx.com>
parents:
3542
diff
changeset
|
12 uwsgi_param HTTPS $https if_not_empty; |
3541
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
14 uwsgi_param REMOTE_ADDR $remote_addr; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 uwsgi_param REMOTE_PORT $remote_port; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
16 uwsgi_param SERVER_PORT $server_port; |
21452748d165
import original ngx_http_uwsgi_module version
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 uwsgi_param SERVER_NAME $server_name; |