Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: using default server context in session remove (closes #1464).

Previous Message Next Message
Forum List Message List New Topic Print View
Sergey Kandaurov
January 30, 2018 11:12AM
details: http://hg.nginx.org/nginx/rev/9d14931cec8c
branches:
changeset: 7193:9d14931cec8c
user: Sergey Kandaurov <pluknet@nginx.com>
date: Tue Jan 30 17:46:31 2018 +0300
description:
SSL: using default server context in session remove (closes #1464).

This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.

diffstat:

src/http/ngx_http_request.c | 4 ++--
src/mail/ngx_mail_handler.c | 4 ++--
src/stream/ngx_stream_ssl_module.c | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)

diffs (63 lines):

diff -r d5a535774861 -r 9d14931cec8c src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue Jan 30 14:44:31 2018 +0300
+++ b/src/http/ngx_http_request.c Tue Jan 30 17:46:31 2018 +0300
@@ -1902,7 +1902,7 @@ ngx_http_process_request(ngx_http_reques
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));

- ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));

ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
@@ -1916,7 +1916,7 @@ ngx_http_process_request(ngx_http_reques
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");

- ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));

ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
diff -r d5a535774861 -r 9d14931cec8c src/mail/ngx_mail_handler.c
--- a/src/mail/ngx_mail_handler.c Tue Jan 30 14:44:31 2018 +0300
+++ b/src/mail/ngx_mail_handler.c Tue Jan 30 17:46:31 2018 +0300
@@ -302,7 +302,7 @@ ngx_mail_verify_cert(ngx_mail_session_t
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));

- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));

cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
@@ -323,7 +323,7 @@ ngx_mail_verify_cert(ngx_mail_session_t
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");

- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));

cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
diff -r d5a535774861 -r 9d14931cec8c src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Tue Jan 30 14:44:31 2018 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Tue Jan 30 17:46:31 2018 +0300
@@ -328,7 +328,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));

- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
return NGX_ERROR;
}
@@ -340,7 +340,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");

- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
return NGX_ERROR;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] SSL: using default server context in session remove (closes #1464).

Sergey Kandaurov 570 January 30, 2018 11:12AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 186
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready