Mercurial > hg > nginx
view src/event/ngx_event_posted.h @ 7465:6708bec13757
SSL: adjusted session id context with dynamic certificates.
Dynamic certificates re-introduce problem with incorrect session
reuse (AKA "virtual host confusion", CVE-2014-3616), since there are
no server certificates to generate session id context from.
To prevent this, session id context is now generated from ssl_certificate
directives as specified in the configuration. This approach prevents
incorrect session reuse in most cases, while still allowing sharing
sessions across multiple machines with ssl_session_ticket_key set as
long as configurations are identical.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Feb 2019 16:42:54 +0300 |
parents | 3d4730eada9c |
children | 9d2ad2fb4423 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_POSTED_H_INCLUDED_ #define _NGX_EVENT_POSTED_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> #define ngx_post_event(ev, q) \ \ if (!(ev)->posted) { \ (ev)->posted = 1; \ ngx_queue_insert_tail(q, &(ev)->queue); \ \ ngx_log_debug1(NGX_LOG_DEBUG_CORE, (ev)->log, 0, "post event %p", ev);\ \ } else { \ ngx_log_debug1(NGX_LOG_DEBUG_CORE, (ev)->log, 0, \ "update posted event %p", ev); \ } #define ngx_delete_posted_event(ev) \ \ (ev)->posted = 0; \ ngx_queue_remove(&(ev)->queue); \ \ ngx_log_debug1(NGX_LOG_DEBUG_CORE, (ev)->log, 0, \ "delete posted event %p", ev); void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted); extern ngx_queue_t ngx_posted_accept_events; extern ngx_queue_t ngx_posted_events; #endif /* _NGX_EVENT_POSTED_H_INCLUDED_ */