# HG changeset patch
# User Maxim Dounin
# Date 1551118586 -10800
# Node ID 48c87377aabd2587618ae2c1e42c8d1a18637a78
# Parent 6708bec13757eb2ff72b0f36b485de8f8fa8c189
SSL: fixed possible segfault with dynamic certificates. A virtual server may have no SSL context if it does not have certificates defined, so we have to use config of the ngx_http_ssl_module from the SSL context in the certificate callback. To do so, it is now passed as the argument of the callback. The stream module doesn't really need any changes, but was modified as well to match http code.
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -741,7 +741,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 /* install callback to lookup certificates */
- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);
 #else
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -973,7 +973,7 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t
 r->logged = 1;
- sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+ sscf = arg;
 nelts = sscf->certificate_values->nelts;
 certs = sscf->certificate_values->elts;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -434,7 +434,7 @@ ngx_stream_ssl_certificate(ngx_ssl_conn_
 s = c->data;
- sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+ sslcf = arg;
 nelts = sslcf->certificate_values->nelts;
 certs = sslcf->certificate_values->elts;
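Review bot: The `conf` pointer now passed to `SSL_CTX_set_cert_cb` in ngx_http_ssl_merge_srv_conf is kept by the SSL context and dereferenced by the callback on every handshake, but nothing at the call site records that `conf` must stay valid for as long as `conf->ssl.ctx` does. Presumably both are released with the same configuration pool, though that is not visible in this hunk. I would extend the existing comment to state the requirement, for example `/* install callback to lookup certificates; conf is the callback argument and must outlive conf->ssl.ctx */`. The same applies to the matching call in ngx_stream_ssl_merge_conf; both functions start and end outside their hunks.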
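Review bot: In ngx_http_ssl_certificate, `sscf = arg;` is followed directly by `sscf->certificate_values->nelts`, so the callback now relies on every registration passing a non-NULL configuration whose `certificate_values` is set, and the hunk neither checks nor documents that. Both registrations in this patch pass `conf`, and they appear to be made only when dynamic certificates are configured, so this is a documentation gap rather than a demonstrated crash. The reason for not using the request's own server configuration is easy to lose and a later cleanup could reintroduce the NULL dereference this commit fixes; a comment above the assignment such as `/* the request's server may have no SSL context; use the conf the SSL_CTX was registered with */` would preserve it. The same comment fits `sslcf = arg;` in ngx_stream_ssl_certificate. Both function bodies continue outside their hunks.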
@@ -692,7 +692,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf
 /* install callback to lookup certificates */
- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf);
 #else
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,