Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 6871:1818acd8442f
Stream: client SSL certificates were not checked in some cases.
If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.
The bug had appeared in 1.11.8 (41cb1b64561d).
| author | Vladimir Homutov <vl@nginx.com> |
|---|---|
| date | Thu, 19 Jan 2017 16:20:07 +0300 |
| parents | 0a08a8babf53 |
| children | 08dc60979133 |
comparison
equal
deleted
inserted
replaced
| 6870:0a08a8babf53 | 6871:1818acd8442f |
|---|---|
| 282 static ngx_int_t | 282 static ngx_int_t |
| 283 ngx_stream_ssl_handler(ngx_stream_session_t *s) | 283 ngx_stream_ssl_handler(ngx_stream_session_t *s) |
| 284 { | 284 { |
| 285 long rc; | 285 long rc; |
| 286 X509 *cert; | 286 X509 *cert; |
| 287 ngx_int_t rv; | |
| 287 ngx_connection_t *c; | 288 ngx_connection_t *c; |
| 288 ngx_stream_ssl_conf_t *sslcf; | 289 ngx_stream_ssl_conf_t *sslcf; |
| 289 | 290 |
| 290 if (!s->ssl) { | 291 if (!s->ssl) { |
| 291 return NGX_OK; | 292 return NGX_OK; |
| 303 "no \"ssl_certificate\" is defined " | 304 "no \"ssl_certificate\" is defined " |
| 304 "in server listening on SSL port"); | 305 "in server listening on SSL port"); |
| 305 return NGX_ERROR; | 306 return NGX_ERROR; |
| 306 } | 307 } |
| 307 | 308 |
| 308 return ngx_stream_ssl_init_connection(&sslcf->ssl, c); | 309 rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c); |
| 310 | |
| 311 if (rv != NGX_OK) { | |
| 312 return rv; | |
| 313 } | |
| 309 } | 314 } |
| 310 | 315 |
| 311 if (sslcf->verify) { | 316 if (sslcf->verify) { |
| 312 rc = SSL_get_verify_result(c->ssl->connection); | 317 rc = SSL_get_verify_result(c->ssl->connection); |
| 313 | 318 |