Author: mdounin
Date: 2011-11-22 16:27:45 +0000 (Tue, 22 Nov 2011)
New Revision: 4305
Log:
Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined. Make sure to check if ssl context present before
using it.
Modified:
trunk/src/http/ngx_http_request.c
Modified: trunk/src/http/ngx_http_request.c
===================================================================
--- trunk/src/http/ngx_http_request.c 2011-11-22 13:26:44 UTC (rev 4304)
+++ trunk/src/http/ngx_http_request.c 2011-11-22 16:27:45 UTC (rev 4305)
@@ -671,25 +671,27 @@
sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
- SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
+ if (sscf->ssl.ctx) {
+ SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
- /*
- * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
- * adjust other things we care about
- */
+ /*
+ * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
+ * adjust other things we care about
+ */
- SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
- SSL_CTX_get_verify_callback(sscf->ssl.ctx));
+ SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
+ SSL_CTX_get_verify_callback(sscf->ssl.ctx));
- SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
+ SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
#ifdef SSL_CTRL_CLEAR_OPTIONS
- /* only in 0.9.8m+ */
- SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
- ~SSL_CTX_get_options(sscf->ssl.ctx));
+ /* only in 0.9.8m+ */
+ SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
+ ~SSL_CTX_get_options(sscf->ssl.ctx));
#endif
- SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+ SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+ }
return SSL_TLSEXT_ERR_OK;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel