diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2018-01-30 17:46:31 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2018-01-30 17:46:31 +0300 |
| commit | 57dde2ab37708423d97333be19830437732b3f4f (patch) | |
| tree | 505c109fc4a38ba9062a2ce67a5df974d4b06d5b | |
| parent | 22136953689e4f48c2bc90a01f39e23a4b6428af (diff) | |
| download | nginx-57dde2ab37708423d97333be19830437732b3f4f.tar.gz nginx-57dde2ab37708423d97333be19830437732b3f4f.zip | |
SSL: using default server context in session remove (closes #1464).
This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.
| -rw-r--r-- | src/http/ngx_http_request.c | 4 | ||||
| -rw-r--r-- | src/mail/ngx_mail_handler.c | 4 | ||||
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 4 |
3 files changed, 6 insertions, 6 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 5668bf441..a2663f015 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1902,7 +1902,7 @@ ngx_http_process_request(ngx_http_request_t *r) "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); @@ -1916,7 +1916,7 @@ ngx_http_process_request(ngx_http_request_t *r) ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c index f6b26ede0..bc3e6b9e2 100644 --- a/src/mail/ngx_mail_handler.c +++ b/src/mail/ngx_mail_handler.c @@ -302,7 +302,7 @@ ngx_mail_verify_cert(ngx_mail_session_t *s, ngx_connection_t *c) "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); @@ -323,7 +323,7 @@ ngx_mail_verify_cert(ngx_mail_session_t *s, ngx_connection_t *c) ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 1e9973fee..3e5a1f210 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -328,7 +328,7 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; } @@ -340,7 +340,7 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; } |