nginx: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 7269:7f955d3b9a0d

SSL: detect "listen ... ssl" without certificates (ticket #178). In mail and stream modules, no certificate provided is a fatal condition, much like with the "ssl" and "starttls" directives. In http, "listen ... ssl" can be used in a non-default server without certificates as long as there is a certificate in the default one, so missing certificate is only fatal for default servers.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 24 Apr 2018 15:29:01 +0300
parents	82f0b8dcca27
children	46c0c7ef4913

comparison

equal deleted inserted replaced

-:0d8c72ff62dd
+:7f955d3b9a0d
 static ngx_int_t
 ngx_http_ssl_init(ngx_conf_t *cf)
 {
-ngx_uint_t                   s;
+ngx_uint_t                   a, p, s;
+ngx_http_conf_addr_t        *addr;
+ngx_http_conf_port_t        *port;
 ngx_http_ssl_srv_conf_t     *sscf;
 ngx_http_core_loc_conf_t    *clcf;
-ngx_http_core_srv_conf_t   **cscfp;
+ngx_http_core_srv_conf_t   **cscfp, *cscf;
 ngx_http_core_main_conf_t   *cmcf;
 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
 cscfp = cmcf->servers.elts;
 {
 return NGX_ERROR;
 }
 }
+if (cmcf->ports == NULL) {
+return NGX_OK;
+}
+port = cmcf->ports->elts;
+for (p = 0; p < cmcf->ports->nelts; p++) {
+addr = port[p].addrs.elts;
+for (a = 0; a < port[p].addrs.nelts; a++) {
+if (!addr[a].opt.ssl) {
+continue;
+}
+cscf = addr[a].default_server;
+sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
+if (sscf->certificates == NULL) {
+ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+"no \"ssl_certificate\" is defined for "
+"the \"listen ... ssl\" directive in %s:%ui",
+cscf->file_name, cscf->line);
+return NGX_ERROR;
+}
+}
+}
 return NGX_OK;
 }

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 7269:7f955d3b9a0d