Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 8618:71b7453fb11f quic
Merged with the default branch.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 29 Oct 2020 14:53:58 +0000 |
| parents | 0875101c08f7 59e1c73fe02b |
| children | 279ad36f2f4b |
comparison
equal
deleted
inserted
replaced
| 8617:69dc750cf66f | 8618:71b7453fb11f |
|---|---|
| 925 if (c->ssl->handshaked) { | 925 if (c->ssl->handshaked) { |
| 926 *ad = SSL_AD_NO_RENEGOTIATION; | 926 *ad = SSL_AD_NO_RENEGOTIATION; |
| 927 return SSL_TLSEXT_ERR_ALERT_FATAL; | 927 return SSL_TLSEXT_ERR_ALERT_FATAL; |
| 928 } | 928 } |
| 929 | 929 |
| 930 hc = c->data; | |
| 931 | |
| 930 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); | 932 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); |
| 931 | 933 |
| 932 if (servername == NULL) { | 934 if (servername == NULL) { |
| 933 return SSL_TLSEXT_ERR_OK; | 935 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, |
| 936 "SSL server name: null"); | |
| 937 goto done; | |
| 934 } | 938 } |
| 935 | 939 |
| 936 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | 940 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, |
| 937 "SSL server name: \"%s\"", servername); | 941 "SSL server name: \"%s\"", servername); |
| 938 | 942 |
| 939 host.len = ngx_strlen(servername); | 943 host.len = ngx_strlen(servername); |
| 940 | 944 |
| 941 if (host.len == 0) { | 945 if (host.len == 0) { |
| 942 return SSL_TLSEXT_ERR_OK; | 946 goto done; |
| 943 } | 947 } |
| 944 | 948 |
| 945 host.data = (u_char *) servername; | 949 host.data = (u_char *) servername; |
| 946 | 950 |
| 947 rc = ngx_http_validate_host(&host, c->pool, 1); | 951 rc = ngx_http_validate_host(&host, c->pool, 1); |
| 948 | 952 |
| 949 if (rc == NGX_ERROR) { | 953 if (rc == NGX_ERROR) { |
| 950 *ad = SSL_AD_INTERNAL_ERROR; | 954 goto error; |
| 951 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 952 } | 955 } |
| 953 | 956 |
| 954 if (rc == NGX_DECLINED) { | 957 if (rc == NGX_DECLINED) { |
| 955 return SSL_TLSEXT_ERR_OK; | 958 goto done; |
| 956 } | 959 } |
| 957 | |
| 958 hc = c->data; | |
| 959 | 960 |
| 960 rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host, | 961 rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host, |
| 961 NULL, &cscf); | 962 NULL, &cscf); |
| 962 | 963 |
| 963 if (rc == NGX_ERROR) { | 964 if (rc == NGX_ERROR) { |
| 964 *ad = SSL_AD_INTERNAL_ERROR; | 965 goto error; |
| 965 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 966 } | 966 } |
| 967 | 967 |
| 968 if (rc == NGX_DECLINED) { | 968 if (rc == NGX_DECLINED) { |
| 969 return SSL_TLSEXT_ERR_OK; | 969 goto done; |
| 970 } | 970 } |
| 971 | 971 |
| 972 hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); | 972 hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); |
| 973 if (hc->ssl_servername == NULL) { | 973 if (hc->ssl_servername == NULL) { |
| 974 *ad = SSL_AD_INTERNAL_ERROR; | 974 goto error; |
| 975 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 976 } | 975 } |
| 977 | 976 |
| 978 *hc->ssl_servername = host; | 977 *hc->ssl_servername = host; |
| 979 | 978 |
| 980 hc->conf_ctx = cscf->ctx; | 979 hc->conf_ctx = cscf->ctx; |
| 987 | 986 |
| 988 c->ssl->buffer_size = sscf->buffer_size; | 987 c->ssl->buffer_size = sscf->buffer_size; |
| 989 | 988 |
| 990 if (sscf->ssl.ctx) { | 989 if (sscf->ssl.ctx) { |
| 991 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { | 990 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { |
| 992 *ad = SSL_AD_INTERNAL_ERROR; | 991 goto error; |
| 993 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 994 } | 992 } |
| 995 | 993 |
| 996 /* | 994 /* |
| 997 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 995 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
| 998 * adjust other things we care about | 996 * adjust other things we care about |
| 1014 #ifdef SSL_OP_NO_RENEGOTIATION | 1012 #ifdef SSL_OP_NO_RENEGOTIATION |
| 1015 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); | 1013 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); |
| 1016 #endif | 1014 #endif |
| 1017 } | 1015 } |
| 1018 | 1016 |
| 1017 done: | |
| 1018 | |
| 1019 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | |
| 1020 | |
| 1021 if (sscf->reject_handshake) { | |
| 1022 c->ssl->handshake_rejected = 1; | |
| 1023 *ad = SSL_AD_UNRECOGNIZED_NAME; | |
| 1024 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 1025 } | |
| 1026 | |
| 1019 return SSL_TLSEXT_ERR_OK; | 1027 return SSL_TLSEXT_ERR_OK; |
| 1028 | |
| 1029 error: | |
| 1030 | |
| 1031 *ad = SSL_AD_INTERNAL_ERROR; | |
| 1032 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 1020 } | 1033 } |
| 1021 | 1034 |
| 1022 #endif | 1035 #endif |
| 1023 | 1036 |
| 1024 | 1037 |