comparison src/event/ngx_event_openssl.c @ 5946:ee941e49bd88
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
author | Lukas Tribus <luky-37@hotmail.com> |
---|---|
date | Wed, 17 Dec 2014 15:12:50 +0100 |
parents | 2c33ed82cde1 |
children | c2f309fb7ad2 |
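--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1144,14 +1144,18 @@
 c->recv = ngx_ssl_recv;
 c->send = ngx_ssl_write;
 c->recv_chain = ngx_ssl_recv_chain;
 c->send_chain = ngx_ssl_send_chain;
 
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
 if (c->ssl->connection->s3) {
 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
 }
+
+#endif
 
 return NGX_OK;
 }
 
 sslerr = SSL_get_error(c->ssl->connection, n);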
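Review bot: With the new `#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` guard, a build against a library that lacks the macro silently compiles out the post-handshake CVE-2009-3555 hardening, and nothing in the hunk records what protects that build instead. If the intent is that such libraries refuse client-initiated renegotiation themselves, or that another check in this file catches it, that should be stated next to the guard, for example `/* flag absent in BoringSSL; renegotiation must be rejected elsewhere for such builds */`. Neither of those alternatives is visible here, so this is a request to document the assumption rather than a confirmed gap. The enclosing function begins and continues outside the hunk.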