Klaus Demo nginx / 79fcf26
SSL: fixed possible segfault on renegotiation (ticket #845). Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation. Do nothing in SNI callback as in this case it will be supplied with request in c->data which isn't expected and doesn't work this way. This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL. Sergey Kandaurov 6 years ago
1 changed file(s) with 4 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
836836
837837 c = ngx_ssl_get_connection(ssl_conn);
838838
839 if (c->ssl->renegotiation) {
840 return SSL_TLSEXT_ERR_NOACK;
841 }
842
839843 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
840844 "SSL server name: \"%s\"", servername);
841845