Mercurial > hg > nginx-quic
view src/stream/ngx_stream_ssl_module.h @ 8481:a45b6a206cfc stable-1.20
Resolver: fixed label types handling in ngx_resolver_copy().
Previously, anything with any of the two high bits set were interpreted
as compression pointers. This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use". Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.
Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 25 May 2021 15:17:41 +0300 |
parents | 3bff3f397c05 |
children | b9e02e9b2f1d |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_STREAM_SSL_H_INCLUDED_ #define _NGX_STREAM_SSL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_stream.h> typedef struct { ngx_msec_t handshake_timeout; ngx_flag_t prefer_server_ciphers; ngx_ssl_t ssl; ngx_uint_t listen; ngx_uint_t protocols; ngx_uint_t verify; ngx_uint_t verify_depth; ssize_t builtin_session_cache; time_t session_timeout; ngx_array_t *certificates; ngx_array_t *certificate_keys; ngx_array_t *certificate_values; ngx_array_t *certificate_key_values; ngx_str_t dhparam; ngx_str_t ecdh_curve; ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; ngx_str_t ciphers; ngx_array_t *passwords; ngx_array_t *conf_commands; ngx_shm_zone_t *shm_zone; ngx_flag_t session_tickets; ngx_array_t *session_ticket_keys; u_char *file; ngx_uint_t line; } ngx_stream_ssl_conf_t; extern ngx_module_t ngx_stream_ssl_module; #endif /* _NGX_STREAM_SSL_H_INCLUDED_ */