Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 7466:48c87377aabd
SSL: fixed possible segfault with dynamic certificates.
A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback. To do so, it is now passed as
the argument of the callback.
The stream module doesn't really need any changes, but was modified as
well to match http code.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 25 Feb 2019 21:16:26 +0300 |
| parents | 6708bec13757 |
| children | 7e8bcba6d039 |
comparison
equal
deleted
inserted
replaced
| 7465:6708bec13757 | 7466:48c87377aabd |
|---|---|
| 432 return 0; | 432 return 0; |
| 433 } | 433 } |
| 434 | 434 |
| 435 s = c->data; | 435 s = c->data; |
| 436 | 436 |
| 437 sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); | 437 sslcf = arg; |
| 438 | 438 |
| 439 nelts = sslcf->certificate_values->nelts; | 439 nelts = sslcf->certificate_values->nelts; |
| 440 certs = sslcf->certificate_values->elts; | 440 certs = sslcf->certificate_values->elts; |
| 441 keys = sslcf->certificate_key_values->elts; | 441 keys = sslcf->certificate_key_values->elts; |
| 442 | 442 |
| 690 | 690 |
| 691 #ifdef SSL_R_CERT_CB_ERROR | 691 #ifdef SSL_R_CERT_CB_ERROR |
| 692 | 692 |
| 693 /* install callback to lookup certificates */ | 693 /* install callback to lookup certificates */ |
| 694 | 694 |
| 695 SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL); | 695 SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf); |
| 696 | 696 |
| 697 #else | 697 #else |
| 698 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 698 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 699 "variables in " | 699 "variables in " |
| 700 "\"ssl_certificate\" and \"ssl_certificate_key\" " | 700 "\"ssl_certificate\" and \"ssl_certificate_key\" " |