Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7269:7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 24 Apr 2018 15:29:01 +0300 |
| parents | c693daca57f7 |
| children | 21ad2af3262c |
comparison
equal
deleted
inserted
replaced
| 7268:0d8c72ff62dd | 7269:7f955d3b9a0d |
|---|---|
| 334 ngx_http_ssl_srv_conf_t *sscf; | 334 ngx_http_ssl_srv_conf_t *sscf; |
| 335 | 335 |
| 336 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | 336 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); |
| 337 | 337 |
| 338 if (sscf->enable || hc->addr_conf->ssl) { | 338 if (sscf->enable || hc->addr_conf->ssl) { |
| 339 | 339 hc->ssl = 1; |
| 340 c->log->action = "SSL handshaking"; | 340 c->log->action = "SSL handshaking"; |
| 341 | |
| 342 if (hc->addr_conf->ssl && sscf->ssl.ctx == NULL) { | |
| 343 ngx_log_error(NGX_LOG_ERR, c->log, 0, | |
| 344 "no \"ssl_certificate\" is defined " | |
| 345 "in server listening on SSL port"); | |
| 346 ngx_http_close_connection(c); | |
| 347 return; | |
| 348 } | |
| 349 | |
| 350 hc->ssl = 1; | |
| 351 | |
| 352 rev->handler = ngx_http_ssl_handshake; | 341 rev->handler = ngx_http_ssl_handshake; |
| 353 } | 342 } |
| 354 } | 343 } |
| 355 #endif | 344 #endif |
| 356 | 345 |