Mercurial > hg > nginx-quic
view docs/xml/change_log_conf.xml @ 7367:bf1ac3dc1e68
SSL: fixed segfault on renegotiation (ticket #1646).
In e3ba4026c02d (1.15.4) nginx own renegotiation checks were disabled
if SSL_OP_NO_RENEGOTIATION is available. But since SSL_OP_NO_RENEGOTIATION
is only set on a connection, not in an SSL context, SSL_clear_option()
removed it as long as a matching virtual server was found. This resulted
in a segmentation fault similar to the one fixed in a6902a941279 (1.9.8),
affecting nginx built with OpenSSL 1.1.0h or higher.
To fix this, SSL_OP_NO_RENEGOTIATION is now explicitly set in
ngx_http_ssl_servername() after adjusting options. Additionally, instead
of c->ssl->renegotiation we now check c->ssl->handshaked, which seems
to be a more correct flag to test, and will prevent the segmentation fault
from happening even if SSL_OP_NO_RENEGOTIATION is not working.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 02 Oct 2018 17:46:18 +0300 |
parents | 76bc29f06168 |
children |
line wrap: on
line source
<?xml version="1.0" ?> <!DOCTYPE configuration SYSTEM "../dtd/change_log_conf.dtd" > <configuration> <length>76</length> <start> *) </start> <indent> </indent> <changes lang="ru"> <title>Изменения в </title> <length>66</length> <bugfix>Исправление</bugfix> <feature>Добавление</feature> <change>Изменение</change> <security>Безопасность</security> <workaround>Изменение</workaround> </changes> <changes lang="en"> <title>Changes with </title> <length>65</length> <bugfix>Bugfix</bugfix> <feature>Feature</feature> <change>Change</change> <security>Security</security> <workaround>Workaround</workaround> <month> Jan </month> <month> Feb </month> <month> Mar </month> <month> Apr </month> <month> May </month> <month> Jun </month> <month> Jul </month> <month> Aug </month> <month> Sep </month> <month> Oct </month> <month> Nov </month> <month> Dec </month> </changes> </configuration>