# HG changeset patch
# User Valentin Bartenev
# Date 1361986439 0
# Node ID 68ca3e8241155ca1f3d251205192c657029330de
# Parent c4d3310574e0d8a944e59c9504d9d01998c147e8
SNI: avoid surplus lookup of virtual server if SNI was used.
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -693,6 +693,13 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
 return SSL_TLSEXT_ERR_NOACK;
 }
+ hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
+ if (hc->ssl_servername == NULL) {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ *hc->ssl_servername = host;
+
 hc->conf_ctx = cscf->ctx;
 clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module);
@@ -1831,6 +1838,28 @@ ngx_http_set_virtual_server(ngx_http_req
 hc = r->http_connection;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+ if (hc->ssl_servername) {
+ if (hc->ssl_servername->len == host->len
+ && ngx_strncmp(hc->ssl_servername->data,
+ host->data, host->len) == 0)
+ {
+#if (NGX_PCRE)
+ if (hc->ssl_servername_regex
+ && ngx_http_regex_exec(r, hc->ssl_servername_regex,
+ hc->ssl_servername) != NGX_OK)
+ {
+ ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return NGX_ERROR;
+ }
+#endif
+ return NGX_OK;
+ }
+ }
+
+#endif
+
 rc = ngx_http_find_virtual_server(r->connection, hc->addr_conf->virtual_names, host, r, &cscf);
@@ -1887,6 +1916,8 @@ ngx_http_find_virtual_server(ngx_connect
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 if (r == NULL) {
+ ngx_http_connection_t *hc;
+
 for (i = 0; i < virtual_names->nregex; i++) {
 n = ngx_regex_exec(sn[i].regex->regex, host, NULL, 0);
@@ -1896,6 +1927,9 @@ ngx_http_find_virtual_server(ngx_connect
 }
 if (n >= 0) {
+ hc = c->data;
+ hc->ssl_servername_regex = sn[i].regex;
+
 *cscfp = sn[i].server;
 return NGX_OK;
 }
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
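Review bot: In ngx_http_ssl_servername (the `@@ -693` hunk), `*hc->ssl_servername = host;` copies only the `len`/`data` pair, so the saved name stays valid for later requests only if `host.data` points into memory that lives as long as the connection. How `host` is filled is above this hunk; if its bytes can come straight from the TLS library's buffer rather than from `c->pool`, the comparison added in ngx_http_set_virtual_server would later read memory the connection does not own. I would record the requirement next to the assignment, for example `/* host.data must live in c->pool: it is compared against Host on every request */`, or copy the bytes explicitly. The function body starts and ends outside the hunk.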
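Review bot: The early `return NGX_OK;` in ngx_http_set_virtual_server (the `@@ -1831` hunk) skips the lookup and everything that follows it, so a request whose Host equals the SNI name keeps whatever server configuration it was created with. The hunk does not show that this configuration is `hc->conf_ctx`, so the shortcut deserves a comment stating the invariant, such as `/* Host equals the SNI name: the server selected during the handshake already applies */`. Because the lengths are compared first, `ngx_memcmp(hc->ssl_servername->data, host->data, host->len) == 0` would compare exactly `host->len` bytes, whereas `ngx_strncmp` stops at a NUL byte; that matters only if either name can contain one, which is not visible here. The function continues outside the hunk.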
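Review bot: `hc = c->data;` in the `r == NULL` branch of ngx_http_find_virtual_server (the `@@ -1896` hunk, with its declaration added in the `@@ -1887` hunk) assumes the connection's `data` pointer still holds an `ngx_http_connection_t` whenever this branch runs. Nothing in the visible lines enforces that; if the SNI callback can run again after a request object has been attached to the connection, the store to `hc->ssl_servername_regex` would write through the wrong type. A comment such as `/* r == NULL: called from the SNI callback, c->data is the ngx_http_connection_t */` would record the assumption, and passing `hc` to the function explicitly would remove it. The loop and the function both extend beyond these hunks.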
@@ -295,6 +295,13 @@ typedef struct {
 ngx_http_addr_conf_t *addr_conf;
 ngx_http_conf_ctx_t *conf_ctx;
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ ngx_str_t *ssl_servername;
+#if (NGX_PCRE)
+ ngx_http_regex_t *ssl_servername_regex;
+#endif
+#endif
+
 ngx_http_request_t *request;
 ngx_buf_t **busy;
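Review bot: The two new struct fields carry no comment on who sets them, and `ssl_servername_regex` exists only when both `SSL_CTRL_SET_TLSEXT_HOSTNAME` and `NGX_PCRE` are defined, so every use has to sit under both guards. The assignment added in ngx_http_find_virtual_server shows only the `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME` line in its context; the `NGX_PCRE` guard is presumably further up and is worth confirming, since a build without PCRE would otherwise fail to compile. I would add `/* set by the SNI callback, allocated from the connection pool */` above `ssl_servername` and `/* server_name regex that matched the SNI name, if any */` above `ssl_servername_regex`. The struct definition starts and ends outside the hunk.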