Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7712:eb940fe579cf
SSL: abort handshake on SSL_set_SSL_CTX() errors.
In rare cases, such as memory allocation failure, SSL_set_SSL_CTX() returns
NULL, which could mean that a different SSL configuration has not been set.
Note that this new behaviour seemingly originated in OpenSSL-1.1.0 release.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 24 Sep 2020 13:51:29 +0100 |
parents | 45764bca69b0 |
children | 59e1c73fe02b 0875101c08f7 |
comparison
equal
deleted
inserted
replaced
7711:526dddf637bb | 7712:eb940fe579cf |
---|---|
930 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); | 930 sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); |
931 | 931 |
932 c->ssl->buffer_size = sscf->buffer_size; | 932 c->ssl->buffer_size = sscf->buffer_size; |
933 | 933 |
934 if (sscf->ssl.ctx) { | 934 if (sscf->ssl.ctx) { |
935 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); | 935 if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) { |
936 *ad = SSL_AD_INTERNAL_ERROR; | |
937 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
938 } | |
936 | 939 |
937 /* | 940 /* |
938 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 941 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
939 * adjust other things we care about | 942 * adjust other things we care about |
940 */ | 943 */ |