Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7712:eb940fe579cf
SSL: abort handshake on SSL_set_SSL_CTX() errors.
In rare cases, such as memory allocation failure, SSL_set_SSL_CTX() returns
NULL, which could mean that a different SSL configuration has not been set.
Note that this new behaviour seemingly originated in OpenSSL-1.1.0 release.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 24 Sep 2020 13:51:29 +0100 |
| parents | 45764bca69b0 |
| children | 59e1c73fe02b 0875101c08f7 |
comparison
equal
deleted
inserted
replaced
| 7711:526dddf637bb | 7712:eb940fe579cf |
|---|---|
| 930 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | 930 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); |
| 931 | 931 |
| 932 c->ssl->buffer_size = sscf->buffer_size; | 932 c->ssl->buffer_size = sscf->buffer_size; |
| 933 | 933 |
| 934 if (sscf->ssl.ctx) { | 934 if (sscf->ssl.ctx) { |
| 935 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); | 935 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { |
| 936 *ad = SSL_AD_INTERNAL_ERROR; | |
| 937 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 938 } | |
| 936 | 939 |
| 937 /* | 940 /* |
| 938 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 941 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
| 939 * adjust other things we care about | 942 * adjust other things we care about |
| 940 */ | 943 */ |