Klaus Demo nginx / 344cb11
Merge of r4305: Fixed segfault on ssl servers without cert with SNI (ticket #54). Non-default servers may not have ssl context created if there are no certificate defined. Make sure to check if ssl context present before using it. Maxim Dounin 10 years ago
1 changed file(s) with 19 addition(s) and 17 deletion(s). Raw diff Collapse all Expand all
670670
671671 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
672672
673 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
674
675 /*
676 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
677 * adjust other things we care about
678 */
679
680 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
681 SSL_CTX_get_verify_callback(sscf->ssl.ctx));
682
683 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
673 if (sscf->ssl.ctx) {
674 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
675
676 /*
677 * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
678 * adjust other things we care about
679 */
680
681 SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
682 SSL_CTX_get_verify_callback(sscf->ssl.ctx));
683
684 SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
684685
685686 #ifdef SSL_CTRL_CLEAR_OPTIONS
686 /* only in 0.9.8m+ */
687 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
688 ~SSL_CTX_get_options(sscf->ssl.ctx));
689 #endif
690
691 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
687 /* only in 0.9.8m+ */
688 SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
689 ~SSL_CTX_get_options(sscf->ssl.ctx));
690 #endif
691
692 SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
693 }
692694
693695 return SSL_TLSEXT_ERR_OK;
694696 }