Mercurial > hg > nginx
view src/core/ngx_radix_tree.h @ 7672:3dcb1aba894a
SSL: fixed unexpected certificate requests (ticket #2008).
Using SSL_CTX_set_verify(SSL_VERIFY_PEER) implies that OpenSSL will
send a certificate request during an SSL handshake, leading to unexpected
certificate requests from browsers as long as there are any client
certificates installed. Given that ngx_ssl_trusted_certificate()
is called unconditionally by the ngx_http_ssl_module, this affected
all HTTPS servers. Broken by 699f6e55bbb4 (not released yet).
Fix is to set verify callback in the ngx_ssl_trusted_certificate() function
without changing the verify mode.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 29 Jun 2020 17:15:51 +0300 |
parents | 3be3de31d7dd |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_RADIX_TREE_H_INCLUDED_ #define _NGX_RADIX_TREE_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_RADIX_NO_VALUE (uintptr_t) -1 typedef struct ngx_radix_node_s ngx_radix_node_t; struct ngx_radix_node_s { ngx_radix_node_t *right; ngx_radix_node_t *left; ngx_radix_node_t *parent; uintptr_t value; }; typedef struct { ngx_radix_node_t *root; ngx_pool_t *pool; ngx_radix_node_t *free; char *start; size_t size; } ngx_radix_tree_t; ngx_radix_tree_t *ngx_radix_tree_create(ngx_pool_t *pool, ngx_int_t preallocate); ngx_int_t ngx_radix32tree_insert(ngx_radix_tree_t *tree, uint32_t key, uint32_t mask, uintptr_t value); ngx_int_t ngx_radix32tree_delete(ngx_radix_tree_t *tree, uint32_t key, uint32_t mask); uintptr_t ngx_radix32tree_find(ngx_radix_tree_t *tree, uint32_t key); #if (NGX_HAVE_INET6) ngx_int_t ngx_radix128tree_insert(ngx_radix_tree_t *tree, u_char *key, u_char *mask, uintptr_t value); ngx_int_t ngx_radix128tree_delete(ngx_radix_tree_t *tree, u_char *key, u_char *mask); uintptr_t ngx_radix128tree_find(ngx_radix_tree_t *tree, u_char *key); #endif #endif /* _NGX_RADIX_TREE_H_INCLUDED_ */