Mercurial > hg > nginx
changeset 7466:48c87377aabd
SSL: fixed possible segfault with dynamic certificates.
A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback. To do so, it is now passed as
the argument of the callback.
The stream module doesn't really need any changes, but was modified as
well to match http code.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Feb 2019 21:16:26 +0300 |
parents | 6708bec13757 |
children | 8bdf57dfa42d |
files | src/http/modules/ngx_http_ssl_module.c src/http/ngx_http_request.c src/stream/ngx_stream_ssl_module.c |
diffstat | 3 files changed, 4 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c Mon Feb 25 16:42:54 2019 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Mon Feb 25 21:16:26 2019 +0300 @@ -741,7 +741,7 @@ /* install callback to lookup certificates */ - SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL); + SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf); #else ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
--- a/src/http/ngx_http_request.c Mon Feb 25 16:42:54 2019 +0300 +++ b/src/http/ngx_http_request.c Mon Feb 25 21:16:26 2019 +0300 @@ -973,7 +973,7 @@ r->logged = 1; - sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); + sscf = arg; nelts = sscf->certificate_values->nelts; certs = sscf->certificate_values->elts;
--- a/src/stream/ngx_stream_ssl_module.c Mon Feb 25 16:42:54 2019 +0300 +++ b/src/stream/ngx_stream_ssl_module.c Mon Feb 25 21:16:26 2019 +0300 @@ -434,7 +434,7 @@ s = c->data; - sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); + sslcf = arg; nelts = sslcf->certificate_values->nelts; certs = sslcf->certificate_values->elts; @@ -692,7 +692,7 @@ /* install callback to lookup certificates */ - SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL); + SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf); #else ngx_log_error(NGX_LOG_EMERG, cf->log, 0,