From 13bf2759c8d106c15eee0efa58f090482e8f484f Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Mon, 12 Sep 2016 20:11:06 +0300 Subject: [PATCH] OCSP stapling: fixed using wrong responder with multiple certs. --- src/event/ngx_event_openssl_stapling.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index cce8e9ec1..09fab7690 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -376,6 +376,7 @@ ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, { ngx_url_t u; char *s; + ngx_str_t rsp; STACK_OF(OPENSSL_STRING) *aia; if (responder->len == 0) { @@ -403,6 +404,8 @@ ngx_ssl_stapling_responder(ngx_conf_t *cf, ngx_ssl_t *ssl, return NGX_DECLINED; } + responder = &rsp; + responder->len = ngx_strlen(s); responder->data = ngx_palloc(cf->pool, responder->len); if (responder->data == NULL) {