mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-06 00:42:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: fixed possible segfault on renegotiation (ticket #845).

Browse Source 
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation.
Do nothing in SNI callback as in this case it will be supplied with
request in c->data which isn't expected and doesn't work this way.

This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
This commit is contained in:
Sergey Kandaurov 2015-12-08 16:59:43 +03:00
parent 1be1e11335
commit 79fcf261d0
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/http/ngx_http_request.c
View File

@ -837,6 +837,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
c = ngx_ssl_get_connection(ssl_conn);
if (c->ssl->renegotiation) {
return SSL_TLSEXT_ERR_NOACK;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"SSL server name: \"%s\"", servername);