[nginx] SSL: fixed possible segfault with dynamic certificates.

Maxim Dounin
February 25, 2019 01:36PM
details: https://hg.nginx.org/nginx/rev/48c87377aabd
branches:
changeset: 7466:48c87377aabd
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Feb 25 21:16:26 2019 +0300
description:
SSL: fixed possible segfault with dynamic certificates.

A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback. To do so, it is now passed as
the argument of the callback.

The stream module doesn't really need any changes, but was modified as
well to match http code.

diffstat:

src/http/modules/ngx_http_ssl_module.c | 2 +-
src/http/ngx_http_request.c | 2 +-
src/stream/ngx_stream_ssl_module.c | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)

diffs (45 lines):

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -741,7 +741,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *

/* install callback to lookup certificates */

- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);

#else
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
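Review bot: The case from the description, a virtual server with no certificates defined and therefore no SSL context of its own, has no regression test accompanying this change to the SSL_CTX_set_cert_cb() call. A test configuration with such a server next to one that uses dynamic certificates would keep the segfault from returning if the callback argument is ever changed back to NULL.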
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -973,7 +973,7 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t

r->logged = 1;

- sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+ sscf = arg;

nelts = sscf->certificate_values->nelts;
certs = sscf->certificate_values->elts;
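Review bot: After `sscf = arg;` the pointer is dereferenced on the next statement (`sscf->certificate_values->nelts`) with no check, so the callback is now only safe when every SSL_CTX_set_cert_cb() registration of ngx_http_ssl_certificate passes a non-NULL config of the expected type. Because `arg` is untyped, a one-line comment at the assignment stating that it is the ngx_http_ssl_module server config of the SSL context that installed the callback would make that contract visible to whoever adds the next registration.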
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -434,7 +434,7 @@ ngx_stream_ssl_certificate(ngx_ssl_conn_

s = c->data;

- sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+ sslcf = arg;

nelts = sslcf->certificate_values->nelts;
certs = sslcf->certificate_values->elts;
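Review bot: At `sslcf = arg;` the config no longer comes from the session `s` but from whatever was registered with the callback, and the description says stream did not need this change. A short comment here noting that the assignment is kept only to mirror the http code would stop a later reader from assuming the ngx_stream_get_module_srv_conf() lookup was unsafe in stream as well.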
@@ -692,7 +692,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf

/* install callback to lookup certificates */

- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf);

#else
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
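Review bot: The comment above the SSL_CTX_set_cert_cb() call still reads only "install callback to lookup certificates", while the call now also hands `conf` to the callback as its argument. Extending the comment to say that `conf` is what ngx_stream_ssl_certificate reads its certificate_values from, and so must stay valid for as long as conf->ssl.ctx is in use, would document the dependency at the place it is created.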
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel