Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 6871:1818acd8442f
Stream: client SSL certificates were not checked in some cases.
If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.
The bug had appeared in 1.11.8 (41cb1b64561d).
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 19 Jan 2017 16:20:07 +0300 |
parents | 0a08a8babf53 |
children | 08dc60979133 |
comparison
equal
deleted
inserted
replaced
6870:0a08a8babf53 | 6871:1818acd8442f |
---|---|
282 static ngx_int_t | 282 static ngx_int_t |
283 ngx_stream_ssl_handler(ngx_stream_session_t *s) | 283 ngx_stream_ssl_handler(ngx_stream_session_t *s) |
284 { | 284 { |
285 long rc; | 285 long rc; |
286 X509 *cert; | 286 X509 *cert; |
287 ngx_int_t rv; | |
287 ngx_connection_t *c; | 288 ngx_connection_t *c; |
288 ngx_stream_ssl_conf_t *sslcf; | 289 ngx_stream_ssl_conf_t *sslcf; |
289 | 290 |
290 if (!s->ssl) { | 291 if (!s->ssl) { |
291 return NGX_OK; | 292 return NGX_OK; |
303 "no \"ssl_certificate\" is defined " | 304 "no \"ssl_certificate\" is defined " |
304 "in server listening on SSL port"); | 305 "in server listening on SSL port"); |
305 return NGX_ERROR; | 306 return NGX_ERROR; |
306 } | 307 } |
307 | 308 |
308 return ngx_stream_ssl_init_connection(&sslcf->ssl, c); | 309 rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c); |
310 | |
311 if (rv != NGX_OK) { | |
312 return rv; | |
313 } | |
309 } | 314 } |
310 | 315 |
311 if (sslcf->verify) { | 316 if (sslcf->verify) { |
312 rc = SSL_get_verify_result(c->ssl->connection); | 317 rc = SSL_get_verify_result(c->ssl->connection); |
313 | 318 |