mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-24 04:49:01 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: abort handshake on SSL_set_SSL_CTX() errors.

Browse Source 
In rare cases, such as memory allocation failure, SSL_set_SSL_CTX() returns
NULL, which could mean that a different SSL configuration has not been set.
Note that this new behaviour seemingly originated in OpenSSL-1.1.0 release.
This commit is contained in:
Sergey Kandaurov 2020-09-24 13:51:29 +01:00
parent 6c89d752c8
commit 3bbeb1b8de
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/http/ngx_http_request.c
View File

@ -932,7 +932,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
c->ssl->buffer_size = sscf->buffer_size;
if (sscf->ssl.ctx) {
SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
/*
* SSL_set_SSL_CTX() only changes certs as of 1.0.0d