Mercurial > hg > nginx
changeset 7193:9d14931cec8c
SSL: using default server context in session remove (closes #1464).
This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 30 Jan 2018 17:46:31 +0300 |
parents | d5a535774861 |
children | 0b72d545f098 |
files | src/http/ngx_http_request.c src/mail/ngx_mail_handler.c src/stream/ngx_stream_ssl_module.c |
diffstat | 3 files changed, 6 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1902,7 +1902,7 @@ ngx_http_process_request(ngx_http_reques "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); @@ -1916,7 +1916,7 @@ ngx_http_process_request(ngx_http_reques ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
--- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -302,7 +302,7 @@ ngx_mail_verify_cert(ngx_mail_session_t "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); @@ -323,7 +323,7 @@ ngx_mail_verify_cert(ngx_mail_session_t ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
--- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -328,7 +328,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; } @@ -340,7 +340,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; }