Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 4304:ed922fb9d6c1
Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined. Make sure to check if ssl context present before
using it.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 22 Nov 2011 16:27:45 +0000 |
| parents | 35f4997c08ce |
| children | e7db97bfac25 |
comparison
equal
deleted
inserted
replaced
| 4303:b375a7f0d51a | 4304:ed922fb9d6c1 |
|---|---|
| 669 return SSL_TLSEXT_ERR_NOACK; | 669 return SSL_TLSEXT_ERR_NOACK; |
| 670 } | 670 } |
| 671 | 671 |
| 672 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 672 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
| 673 | 673 |
| 674 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); | 674 if (sscf->ssl.ctx) { |
| 675 | 675 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); |
| 676 /* | 676 |
| 677 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 677 /* |
| 678 * adjust other things we care about | 678 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
| 679 */ | 679 * adjust other things we care about |
| 680 | 680 */ |
| 681 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx), | 681 |
| 682 SSL_CTX_get_verify_callback(sscf->ssl.ctx)); | 682 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx), |
| 683 | 683 SSL_CTX_get_verify_callback(sscf->ssl.ctx)); |
| 684 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx)); | 684 |
| 685 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx)); | |
| 685 | 686 |
| 686 #ifdef SSL_CTRL_CLEAR_OPTIONS | 687 #ifdef SSL_CTRL_CLEAR_OPTIONS |
| 687 /* only in 0.9.8m+ */ | 688 /* only in 0.9.8m+ */ |
| 688 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) & | 689 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) & |
| 689 ~SSL_CTX_get_options(sscf->ssl.ctx)); | 690 ~SSL_CTX_get_options(sscf->ssl.ctx)); |
| 690 #endif | 691 #endif |
| 691 | 692 |
| 692 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx)); | 693 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx)); |
| 694 } | |
| 693 | 695 |
| 694 return SSL_TLSEXT_ERR_OK; | 696 return SSL_TLSEXT_ERR_OK; |
| 695 } | 697 } |
| 696 | 698 |
| 697 #endif | 699 #endif |