diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2019-02-25 21:16:26 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2019-02-25 21:16:26 +0300 |
| commit | 1a30d79c429cb1d4438d592db62cbe701e3b4360 (patch) | |
| tree | 230b57e48c8b2c75e5135db370bc7ae8e9f0ecd5 /src | |
| parent | ecfab06cb20959219c9aadc2ef59507488e4fa99 (diff) | |
| download | nginx-1a30d79c429cb1d4438d592db62cbe701e3b4360.tar.gz nginx-1a30d79c429cb1d4438d592db62cbe701e3b4360.zip | |
SSL: fixed possible segfault with dynamic certificates.
A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback. To do so, it is now passed as
the argument of the callback.
The stream module doesn't really need any changes, but was modified as
well to match http code.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 2 | ||||
| -rw-r--r-- | src/http/ngx_http_request.c | 2 | ||||
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 4 |
3 files changed, 4 insertions, 4 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 3bf122acb..1b2830d21 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -741,7 +741,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) /* install callback to lookup certificates */ - SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL); + SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf); #else ngx_log_error(NGX_LOG_EMERG, cf->log, 0, diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 81d546a86..40973b2e2 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -973,7 +973,7 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg) r->logged = 1; - sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); + sscf = arg; nelts = sscf->certificate_values->nelts; certs = sscf->certificate_values->elts; diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 9ab2c82be..9266e99aa 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -434,7 +434,7 @@ ngx_stream_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg) s = c->data; - sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); + sslcf = arg; nelts = sslcf->certificate_values->nelts; certs = sslcf->certificate_values->elts; @@ -692,7 +692,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) /* install callback to lookup certificates */ - SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL); + SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf); #else ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |