Mercurial > hg > nginx-quic
changeset 8115:eb940fe579cf
SSL: abort handshake on SSL_set_SSL_CTX() errors.
In rare cases, such as memory allocation failure, SSL_set_SSL_CTX() returns
NULL, which could mean that a different SSL configuration has not been set.
Note that this new behaviour seemingly originated in OpenSSL-1.1.0 release.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 24 Sep 2020 13:51:29 +0100 |
parents | 526dddf637bb |
children | 45e9281c6c5b |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -932,7 +932,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t * c->ssl->buffer_size = sscf->buffer_size; if (sscf->ssl.ctx) { - SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); + if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } /* * SSL_set_SSL_CTX() only changes certs as of 1.0.0d