Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 4304:ed922fb9d6c1
Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined. Make sure to check if ssl context present before
using it.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 22 Nov 2011 16:27:45 +0000 |
parents | 35f4997c08ce |
children | e7db97bfac25 |
comparison
equal
deleted
inserted
replaced
4303:b375a7f0d51a | 4304:ed922fb9d6c1 |
---|---|
669 return SSL_TLSEXT_ERR_NOACK; | 669 return SSL_TLSEXT_ERR_NOACK; |
670 } | 670 } |
671 | 671 |
672 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 672 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
673 | 673 |
674 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); | 674 if (sscf->ssl.ctx) { |
675 | 675 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); |
676 /* | 676 |
677 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d | 677 /* |
678 * adjust other things we care about | 678 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d |
679 */ | 679 * adjust other things we care about |
680 | 680 */ |
681 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx), | 681 |
682 SSL_CTX_get_verify_callback(sscf->ssl.ctx)); | 682 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx), |
683 | 683 SSL_CTX_get_verify_callback(sscf->ssl.ctx)); |
684 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx)); | 684 |
685 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx)); | |
685 | 686 |
686 #ifdef SSL_CTRL_CLEAR_OPTIONS | 687 #ifdef SSL_CTRL_CLEAR_OPTIONS |
687 /* only in 0.9.8m+ */ | 688 /* only in 0.9.8m+ */ |
688 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) & | 689 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) & |
689 ~SSL_CTX_get_options(sscf->ssl.ctx)); | 690 ~SSL_CTX_get_options(sscf->ssl.ctx)); |
690 #endif | 691 #endif |
691 | 692 |
692 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx)); | 693 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx)); |
694 } | |
693 | 695 |
694 return SSL_TLSEXT_ERR_OK; | 696 return SSL_TLSEXT_ERR_OK; |
695 } | 697 } |
696 | 698 |
697 #endif | 699 #endif |