Welcome! Log In Create A New Profile

[nginx] Stream: client SSL certificates were not checked in some cases.

Forum List Message List New Topic Print View

Vladimir Homutov

January 19, 2017 08:34AM

details: http://hg.nginx.org/nginx/rev/1818acd8442f
branches:
changeset: 6871:1818acd8442f
user: Vladimir Homutov <vl@nginx.com>
date: Thu Jan 19 16:20:07 2017 +0300
description:
Stream: client SSL certificates were not checked in some cases.

If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.

The bug had appeared in 1.11.8 (41cb1b64561d).

diffstat:

src/stream/ngx_stream_ssl_module.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)

diffs (24 lines):

diff -r 0a08a8babf53 -r 1818acd8442f src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Thu Jan 19 16:17:05 2017 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Thu Jan 19 16:20:07 2017 +0300
@@ -284,6 +284,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio
{
long rc;
X509 *cert;
+ ngx_int_t rv;
ngx_connection_t *c;
ngx_stream_ssl_conf_t *sslcf;

@@ -305,7 +306,11 @@ ngx_stream_ssl_handler(ngx_stream_sessio
return NGX_ERROR;
}

- return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+ rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+ if (rv != NGX_OK) {
+ return rv;
+ }
}

if (sslcf->verify) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] Stream: client SSL certificates were not checked in some cases.	Vladimir Homutov	447	January 19, 2017 08:34AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 173

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018