Klaus Demo nginx / 5784889
OCSP stapling: fixed segfault with dynamic certificate loading. If OCSP stapling was enabled with dynamic certificate loading, with some OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p, 1.1.0i, 1.1.1) a segmentation fault might happen. The reason is that during an abbreviated handshake the certificate callback is not called, but the certificate status callback was called (https://github.com/openssl/openssl/issues/1662), leading to NULL being returned from SSL_get_certificate(). Fix is to explicitly check SSL_get_certificate() result. Maxim Dounin 3 years ago
1 changed file(s) with 5 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
510510 rc = SSL_TLSEXT_ERR_NOACK;
511511
512512 cert = SSL_get_certificate(ssl_conn);
513
514 if (cert == NULL) {
515 return rc;
516 }
517
513518 staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
514519
515520 if (staple == NULL) {