changeset 6320:a6902a941279
SSL: fixed possible segfault on renegotiation (ticket #845).
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation.
Do nothing in SNI callback as in this case it will be supplied with
request in c->data which isn't expected and doesn't work this way.
This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 08 Dec 2015 16:59:43 +0300 |
parents | fe0ace132a25 |
children | bc9ea464e354 |
files | src/http/ngx_http_request.c |
diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) |
--- a/src/http/ngx_http_request.c Mon Dec 07 20:09:34 2015 +0300 +++ b/src/http/ngx_http_request.c Tue Dec 08 16:59:43 2015 +0300 @@ -837,6 +837,10 @@ c = ngx_ssl_get_connection(ssl_conn); + if (c->ssl->renegotiation) { + return SSL_TLSEXT_ERR_NOACK; + } + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL server name: \"%s\"", servername);
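
Review bot: the new early return on `c->ssl->renegotiation`, placed right after `c = ngx_ssl_get_connection(ssl_conn);`, has no comment saying why the servername callback must do nothing during renegotiation. The commit message gives the reason (in that case c->data holds a request, which is not what the callback expects), and a short comment above the `if` would keep that visible in the source. The return also sits ahead of the `ngx_log_debug1()` call, so a renegotiation that reaches this callback leaves no debug trace; consider a debug log line before returning `SSL_TLSEXT_ERR_NOACK` so the skipped path can be seen when diagnosing handshake problems.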