Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 6320:a6902a941279
SSL: fixed possible segfault on renegotiation (ticket #845).
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation.
Do nothing in SNI callback as in this case it will be supplied with
request in c->data which isn't expected and doesn't work this way.
This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 08 Dec 2015 16:59:43 +0300 |
parents | b1858fc47e3b |
children | 71edd9192f24 |
comparison
equal
deleted
inserted
replaced
6319:fe0ace132a25 | 6320:a6902a941279 |
---|---|
835 return SSL_TLSEXT_ERR_NOACK; | 835 return SSL_TLSEXT_ERR_NOACK; |
836 } | 836 } |
837 | 837 |
838 c = ngx_ssl_get_connection(ssl_conn); | 838 c = ngx_ssl_get_connection(ssl_conn); |
839 | 839 |
840 if (c->ssl->renegotiation) { | |
841 return SSL_TLSEXT_ERR_NOACK; | |
842 } | |
843 | |
840 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | 844 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, |
841 "SSL server name: \"%s\"", servername); | 845 "SSL server name: \"%s\"", servername); |
842 | 846 |
843 host.len = ngx_strlen(servername); | 847 host.len = ngx_strlen(servername); |
844 | 848 |