Mercurial > hg > nginx

changeset 6320:a6902a941279

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: fixed possible segfault on renegotiation (ticket #845). Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation. Do nothing in SNI callback as in this case it will be supplied with request in c->data which isn't expected and doesn't work this way. This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 08 Dec 2015 16:59:43 +0300
parents fe0ace132a25
children bc9ea464e354
files src/http/ngx_http_request.c
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -837,6 +837,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
 
     c = ngx_ssl_get_connection(ssl_conn);
 
+    if (c->ssl->renegotiation) {
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                    "SSL server name: \"%s\"", servername);