mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-18 10:16:27 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed client certificate verification.

Browse Source 
For ngx_http_process_request() part to work, this required to set both
r->http_connection->ssl and c->ssl on a QUIC stream.  To avoid damaging
global SSL object, ngx_ssl_shutdown() is managed to ignore QUIC streams.
This commit is contained in:
Sergey Kandaurov 2020-03-23 20:48:34 +03:00
parent 5ac5e51fdf
commit f20af3dabc
3 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/ngx_event_openssl.c
View File

@ -2735,6 +2735,11 @@ ngx_ssl_shutdown(ngx_connection_t *c)
int n, sslerr, mode; int n, sslerr, mode;
ngx_err_t err; ngx_err_t err;
if (c->qs) {
/* QUIC streams inherit SSL object */
return NGX_OK;
}
if (SSL_in_init(c->ssl->connection)) { if (SSL_in_init(c->ssl->connection)) {
/* /*
* OpenSSL 1.0.2f complains if SSL_shutdown() is called during * OpenSSL 1.0.2f complains if SSL_shutdown() is called during

1
src/event/ngx_event_quic.c
View File

@ -1470,6 +1470,7 @@ ngx_quic_create_stream(ngx_connection_t *c, ngx_uint_t id)
sn->c->sockaddr = c->sockaddr; sn->c->sockaddr = c->sockaddr;
sn->c->local_sockaddr = c->local_sockaddr; sn->c->local_sockaddr = c->local_sockaddr;
sn->c->addr_text = c->addr_text; sn->c->addr_text = c->addr_text;
sn->c->ssl = c->ssl;
rev = sn->c->read; rev = sn->c->read;
wev = sn->c->write; wev = sn->c->write;

1
src/http/ngx_http_request.c
View File

@ -225,6 +225,7 @@ ngx_http_init_connection(ngx_connection_t *c)
if (c->type == SOCK_DGRAM) { if (c->type == SOCK_DGRAM) {
hc = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_connection_t)); hc = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_connection_t));
hc->quic = 1; hc->quic = 1;
hc->ssl = 1;
} else } else
#endif #endif