Mercurial > hg > nginx-quic
view auto/lib/sha1/conf @ 5094:e0a3714a36f8
SNI: reset to default server if requested host was not found.
Not only this is consistent with a case without SNI, but this also
prevents abusing configurations that assume that the $host variable
is limited to one of the configured names for a server.
An example of potentially unsafe configuration:
server {
listen 443 ssl default_server;
...
}
server {
listen 443;
server_name example.com;
location / {
proxy_pass http://$host;
}
}
Note: it is possible to negotiate "example.com" by SNI, and to request
arbitrary host name that does not exist in the configuration above.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 27 Feb 2013 17:38:54 +0000 |
parents | d620f497c50f |
children | b0a616778038 |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. if [ $SHA1 != NONE ]; then have=NGX_HAVE_SHA1 . auto/have CORE_INCS="$CORE_INCS $SHA1" case "$NGX_CC_NAME" in msvc* | owc* | bcc) LINK_DEPS="$LINK_DEPS $SHA1/sha1.lib" CORE_LIBS="$CORE_LIBS $SHA1/sha1.lib" ;; icc*) LINK_DEPS="$LINK_DEPS $SHA1/libsha.a" # to allow -ipo optimization we link with the *.o but not library CORE_LIBS="$CORE_LIBS $SHA1/sha1_dgst.o" if [ $SHA1_ASM = YES ]; then CORE_LIBS="$CORE_LIBS $SHA1/asm/sx86-elf.o" fi ;; *) LINK_DEPS="$LINK_DEPS $SHA1/libsha.a" CORE_LIBS="$CORE_LIBS $SHA1/libsha.a" #CORE_LIBS="$CORE_LIBS -L $SHA1 -lsha" ;; esac else if [ "$NGX_PLATFORM" != win32 ]; then SHA1=NO # FreeBSD ngx_feature="sha1 in system md library" ngx_feature_name=NGX_HAVE_SHA1 ngx_feature_run=no ngx_feature_incs="#include <sha.h>" ngx_feature_path= ngx_feature_libs="-lmd" ngx_feature_test="SHA_CTX sha1; SHA1_Init(&sha1)" . auto/feature ngx_sha1_lib="system md" if [ $ngx_found = no ]; then # OpenSSL crypto library ngx_feature="OpenSSL sha1 crypto library" ngx_feature_incs="#include <openssl/sha.h>" ngx_feature_libs="-lcrypto" . auto/feature ngx_sha1_lib="system crypto" if [ $ngx_found = yes ]; then have=NGX_HAVE_OPENSSL_SHA1_H . auto/have fi fi if [ $ngx_found = yes ]; then CORE_LIBS="$CORE_LIBS $ngx_feature_libs" SHA1=YES SHA1_LIB=$ngx_sha1_lib fi fi fi