Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 7269:7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 24 Apr 2018 15:29:01 +0300 |
parents | 82f0b8dcca27 |
children | 46c0c7ef4913 |
comparison
equal
deleted
inserted
replaced
7268:0d8c72ff62dd | 7269:7f955d3b9a0d |
---|---|
964 | 964 |
965 | 965 |
966 static ngx_int_t | 966 static ngx_int_t |
967 ngx_http_ssl_init(ngx_conf_t *cf) | 967 ngx_http_ssl_init(ngx_conf_t *cf) |
968 { | 968 { |
969 ngx_uint_t s; | 969 ngx_uint_t a, p, s; |
970 ngx_http_conf_addr_t *addr; | |
971 ngx_http_conf_port_t *port; | |
970 ngx_http_ssl_srv_conf_t *sscf; | 972 ngx_http_ssl_srv_conf_t *sscf; |
971 ngx_http_core_loc_conf_t *clcf; | 973 ngx_http_core_loc_conf_t *clcf; |
972 ngx_http_core_srv_conf_t **cscfp; | 974 ngx_http_core_srv_conf_t **cscfp, *cscf; |
973 ngx_http_core_main_conf_t *cmcf; | 975 ngx_http_core_main_conf_t *cmcf; |
974 | 976 |
975 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); | 977 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); |
976 cscfp = cmcf->servers.elts; | 978 cscfp = cmcf->servers.elts; |
977 | 979 |
991 { | 993 { |
992 return NGX_ERROR; | 994 return NGX_ERROR; |
993 } | 995 } |
994 } | 996 } |
995 | 997 |
998 if (cmcf->ports == NULL) { | |
999 return NGX_OK; | |
1000 } | |
1001 | |
1002 port = cmcf->ports->elts; | |
1003 for (p = 0; p < cmcf->ports->nelts; p++) { | |
1004 | |
1005 addr = port[p].addrs.elts; | |
1006 for (a = 0; a < port[p].addrs.nelts; a++) { | |
1007 | |
1008 if (!addr[a].opt.ssl) { | |
1009 continue; | |
1010 } | |
1011 | |
1012 cscf = addr[a].default_server; | |
1013 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | |
1014 | |
1015 if (sscf->certificates == NULL) { | |
1016 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1017 "no \"ssl_certificate\" is defined for " | |
1018 "the \"listen ... ssl\" directive in %s:%ui", | |
1019 cscf->file_name, cscf->line); | |
1020 return NGX_ERROR; | |
1021 } | |
1022 } | |
1023 } | |
1024 | |
996 return NGX_OK; | 1025 return NGX_OK; |
997 } | 1026 } |