Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7269:7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 24 Apr 2018 15:29:01 +0300 |
parents | c693daca57f7 |
children | 21ad2af3262c |
comparison
equal
deleted
inserted
replaced
7268:0d8c72ff62dd | 7269:7f955d3b9a0d |
---|---|
334 ngx_http_ssl_srv_conf_t *sscf; | 334 ngx_http_ssl_srv_conf_t *sscf; |
335 | 335 |
336 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | 336 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); |
337 | 337 |
338 if (sscf->enable || hc->addr_conf->ssl) { | 338 if (sscf->enable || hc->addr_conf->ssl) { |
339 | 339 hc->ssl = 1; |
340 c->log->action = "SSL handshaking"; | 340 c->log->action = "SSL handshaking"; |
341 | |
342 if (hc->addr_conf->ssl && sscf->ssl.ctx == NULL) { | |
343 ngx_log_error(NGX_LOG_ERR, c->log, 0, | |
344 "no \"ssl_certificate\" is defined " | |
345 "in server listening on SSL port"); | |
346 ngx_http_close_connection(c); | |
347 return; | |
348 } | |
349 | |
350 hc->ssl = 1; | |
351 | |
352 rev->handler = ngx_http_ssl_handshake; | 341 rev->handler = ngx_http_ssl_handshake; |
353 } | 342 } |
354 } | 343 } |
355 #endif | 344 #endif |
356 | 345 |