Mercurial > hg > nginx
view src/event/ngx_event_posted.c @ 7672:3dcb1aba894a
SSL: fixed unexpected certificate requests (ticket #2008).
Using SSL_CTX_set_verify(SSL_VERIFY_PEER) implies that OpenSSL will
send a certificate request during an SSL handshake, leading to unexpected
certificate requests from browsers as long as there are any client
certificates installed. Given that ngx_ssl_trusted_certificate()
is called unconditionally by the ngx_http_ssl_module, this affected
all HTTPS servers. Broken by 699f6e55bbb4 (not released yet).
Fix is to set verify callback in the ngx_ssl_trusted_certificate() function
without changing the verify mode.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 29 Jun 2020 17:15:51 +0300 |
| parents | f1720934c45b |
| children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> ngx_queue_t ngx_posted_accept_events; ngx_queue_t ngx_posted_next_events; ngx_queue_t ngx_posted_events; void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted) { ngx_queue_t *q; ngx_event_t *ev; while (!ngx_queue_empty(posted)) { q = ngx_queue_head(posted); ev = ngx_queue_data(q, ngx_event_t, queue); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "posted event %p", ev); ngx_delete_posted_event(ev); ev->handler(ev); } } void ngx_event_move_posted_next(ngx_cycle_t *cycle) { ngx_queue_t *q; ngx_event_t *ev; for (q = ngx_queue_head(&ngx_posted_next_events); q != ngx_queue_sentinel(&ngx_posted_next_events); q = ngx_queue_next(q)) { ev = ngx_queue_data(q, ngx_event_t, queue); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "posted next event %p", ev); ev->ready = 1; ev->available = -1; } ngx_queue_add(&ngx_posted_events, &ngx_posted_next_events); ngx_queue_init(&ngx_posted_next_events); }