Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 6320:a6902a941279
SSL: fixed possible segfault on renegotiation (ticket #845).
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation.
Do nothing in SNI callback as in this case it will be supplied with
request in c->data which isn't expected and doesn't work this way.
This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 08 Dec 2015 16:59:43 +0300 |
| parents | b1858fc47e3b |
| children | 71edd9192f24 |
comparison
equal
deleted
inserted
replaced
| 6319:fe0ace132a25 | 6320:a6902a941279 |
|---|---|
| 835 return SSL_TLSEXT_ERR_NOACK; | 835 return SSL_TLSEXT_ERR_NOACK; |
| 836 } | 836 } |
| 837 | 837 |
| 838 c = ngx_ssl_get_connection(ssl_conn); | 838 c = ngx_ssl_get_connection(ssl_conn); |
| 839 | 839 |
| 840 if (c->ssl->renegotiation) { | |
| 841 return SSL_TLSEXT_ERR_NOACK; | |
| 842 } | |
| 843 | |
| 840 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | 844 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, |
| 841 "SSL server name: \"%s\"", servername); | 845 "SSL server name: \"%s\"", servername); |
| 842 | 846 |
| 843 host.len = ngx_strlen(servername); | 847 host.len = ngx_strlen(servername); |
| 844 | 848 |