Mercurial > hg > nginx-quic
view docs/GNUmakefile @ 7465:6708bec13757
SSL: adjusted session id context with dynamic certificates.
Dynamic certificates re-introduce problem with incorrect session
reuse (AKA "virtual host confusion", CVE-2014-3616), since there are
no server certificates to generate session id context from.
To prevent this, session id context is now generated from ssl_certificate
directives as specified in the configuration. This approach prevents
incorrect session reuse in most cases, while still allowing sharing
sessions across multiple machines with ssl_session_ticket_key set as
long as configurations are identical.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 25 Feb 2019 16:42:54 +0300 |
| parents | f303f3e43f7b |
| children |
line wrap: on
line source
VER= $(shell grep 'define NGINX_VERSION' src/core/nginx.h \ | sed -e 's/^.*"\(.*\)".*/\1/') NGINX= nginx-$(VER) TEMP= tmp XSLS?= xslscript.pl all: changes changes: $(TEMP)/$(NGINX)/CHANGES.ru \ $(TEMP)/$(NGINX)/CHANGES $(TEMP)/$(NGINX)/CHANGES.ru: docs/dtd/changes.dtd \ docs/xml/nginx/changes.xml \ docs/xml/change_log_conf.xml \ docs/xslt/changes.xslt mkdir -p $(TEMP)/$(NGINX) xmllint --noout --valid docs/xml/nginx/changes.xml xsltproc --stringparam lang ru \ -o $@ docs/xslt/changes.xslt docs/xml/nginx/changes.xml $(TEMP)/$(NGINX)/CHANGES: docs/dtd/changes.dtd \ docs/xml/nginx/changes.xml \ docs/xml/change_log_conf.xml \ docs/xslt/changes.xslt mkdir -p $(TEMP)/$(NGINX) xmllint --noout --valid docs/xml/nginx/changes.xml xsltproc --stringparam lang en \ -o $@ docs/xslt/changes.xslt docs/xml/nginx/changes.xml docs/xslt/changes.xslt: docs/xsls/changes.xsls $(XSLS) -o $@ $<