Mercurial > hg > nginx-quic
view auto/lib/zlib/makefile.owc @ 7367:bf1ac3dc1e68
SSL: fixed segfault on renegotiation (ticket #1646).
In e3ba4026c02d (1.15.4) nginx own renegotiation checks were disabled
if SSL_OP_NO_RENEGOTIATION is available. But since SSL_OP_NO_RENEGOTIATION
is only set on a connection, not in an SSL context, SSL_clear_option()
removed it as long as a matching virtual server was found. This resulted
in a segmentation fault similar to the one fixed in a6902a941279 (1.9.8),
affecting nginx built with OpenSSL 1.1.0h or higher.
To fix this, SSL_OP_NO_RENEGOTIATION is now explicitly set in
ngx_http_ssl_servername() after adjusting options. Additionally, instead
of c->ssl->renegotiation we now check c->ssl->handshaked, which seems
to be a more correct flag to test, and will prevent the segmentation fault
from happening even if SSL_OP_NO_RENEGOTIATION is not working.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 02 Oct 2018 17:46:18 +0300 |
parents | 9d458803bbe0 |
children |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. CFLAGS = -zq -bt=nt -ot -op -oi -oe -s -bm $(CPU_OPT) zlib.lib: cd $(ZLIB) wcl386 -c $(CFLAGS) adler32.c crc32.c deflate.c trees.c zutil.c & compress.c inflate.c inffast.c inftrees.c wlib -n zlib.lib adler32.obj crc32.obj deflate.obj trees.obj & zutil.obj compress.obj inflate.obj inffast.obj inftrees.obj