comparison src/http/ngx_http_request.c @ 8618:71b7453fb11f quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 29 Oct 2020 14:53:58 +0000 |
parents | 0875101c08f7 59e1c73fe02b |
children | 279ad36f2f4b |
8617:69dc750cf66f | 8618:71b7453fb11f |
---|---|
925 if (c->ssl->handshaked) { | 925 if (c->ssl->handshaked) { |
926 *ad = SSL_AD_NO_RENEGOTIATION; | 926 *ad = SSL_AD_NO_RENEGOTIATION; |
927 return SSL_TLSEXT_ERR_ALERT_FATAL; | 927 return SSL_TLSEXT_ERR_ALERT_FATAL; |
928 } | 928 } |
929 | 929 |
930 hc = c->data; | |
931 | |
930 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); | 932 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); |
931 | 933 |
932 if (servername == NULL) { | 934 if (servername == NULL) { |
933 return SSL_TLSEXT_ERR_OK; | 935 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, |
936 "SSL server name: null"); | |
937 goto done; | |
934 } | 938 } |
935 | 939 |
936 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | 940 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, |
937 "SSL server name: \"%s\"", servername); | 941 "SSL server name: \"%s\"", servername); |
938 | 942 |
939 host.len = ngx_strlen(servername); | 943 host.len = ngx_strlen(servername); |
940 | 944 |
941 if (host.len == 0) { | 945 if (host.len == 0) { |
942 return SSL_TLSEXT_ERR_OK; | 946 goto done; |
943 } | 947 } |
944 | 948 |
945 host.data = (u_char *) servername; | 949 host.data = (u_char *) servername; |
946 | 950 |
947 rc = ngx_http_validate_host(&host, c->pool, 1); | 951 rc = ngx_http_validate_host(&host, c->pool, 1); |
948 | 952 |
949 if (rc == NGX_ERROR) { | 953 if (rc == NGX_ERROR) { |
950 *ad = SSL_AD_INTERNAL_ERROR; | 954 goto error; |
951 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
952 } | 955 } |
953 | 956 |
954 if (rc == NGX_DECLINED) { | 957 if (rc == NGX_DECLINED) { |
955 return SSL_TLSEXT_ERR_OK; | 958 goto done; |
956 } | 959 } |
957 | |
958 hc = c->data; | |
959 | 960 |
960 rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host, | 961 rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host, |
961 NULL, &cscf); | 962 NULL, &cscf); |
962 | 963 |
963 if (rc == NGX_ERROR) { | 964 if (rc == NGX_ERROR) { |
964 *ad = SSL_AD_INTERNAL_ERROR; | 965 goto error; |
965 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
966 } | 966 } |
967 | 967 |
968 if (rc == NGX_DECLINED) { | 968 if (rc == NGX_DECLINED) { |
969 return SSL_TLSEXT_ERR_OK; | 969 goto done; |
970 } | 970 } |
971 | 971 |
972 hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); | 972 hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); |
973 if (hc->ssl_servername == NULL) { | 973 if (hc->ssl_servername == NULL) { |
974 *ad = SSL_AD_INTERNAL_ERROR; | 974 goto error; |
975 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
976 } | 975 } |
977 | 976 |
978 *hc->ssl_servername = host; | 977 *hc->ssl_servername = host; |
979 | 978 |
980 hc->conf_ctx = cscf->ctx; | 979 hc->conf_ctx = cscf->ctx; |
987 | 986 |
988 c->ssl->buffer_size = sscf->buffer_size; | 987 c->ssl->buffer_size = sscf->buffer_size; |
989 | 988 |
990 if (sscf->ssl.ctx) { | 989 if (sscf->ssl.ctx) { |
991 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { | 990 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { |
992 *ad = SSL_AD_INTERNAL_ERROR; | 991 goto error; |
993 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
994 } | 992 } |
995 | 993 |
996 /* | 994 /* |
997 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 995 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
998 * adjust other things we care about | 996 * adjust other things we care about |
1014 #ifdef SSL_OP_NO_RENEGOTIATION | 1012 #ifdef SSL_OP_NO_RENEGOTIATION |
1015 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); | 1013 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); |
1016 #endif | 1014 #endif |
1017 } | 1015 } |
1018 | 1016 |
1017 done: | |
1018 | |
1019 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | |
1020 | |
1021 if (sscf->reject_handshake) { | |
1022 c->ssl->handshake_rejected = 1; | |
1023 *ad = SSL_AD_UNRECOGNIZED_NAME; | |
1024 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
1025 } | |
1026 | |
1019 return SSL_TLSEXT_ERR_OK; | 1027 return SSL_TLSEXT_ERR_OK; |
1028 | |
1029 error: | |
1030 | |
1031 *ad = SSL_AD_INTERNAL_ERROR; | |
1032 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
1020 } | 1033 } |
1021 | 1034 |
1022 #endif | 1035 #endif |
1023 | 1036 |
1024 | 1037 |
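Review bot: The `done:` block (new lines 1017-1025) is reached from five exits (no SNI, empty name, `NGX_DECLINED` from host validation, `NGX_DECLINED` from the virtual-server lookup, and the normal fall-through after a match), but nothing there says which server's configuration `hc->conf_ctx` holds in each case. Since `hc->conf_ctx = cscf->ctx` runs only on a match, the `reject_handshake` test otherwise reads whatever context the connection started with, presumably the default server's. A short comment would make that reviewable, e.g. `/* hc->conf_ctx: matched server, or the initial (default) one if no name was sent or matched */`. Rejecting clients that send no SNI also depends on this callback being invoked with `servername == NULL`, which is worth confirming for each supported TLS library. The function begins before line 925 and the comparison skips lines inside it, so this note covers only the visible part.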