author | Maxim Dounin <mdounin@mdounin.ru> | 2018-04-24 15:29:01 +0300 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2018-04-24 15:29:01 +0300 |
commit | 76be1ea9de13c5e8bb0d9523c6a2ad4009a5d7cf (patch) | |
tree | efc4b871b998e7e04d5ab4a11a7df9e89a3e1dde /src/http/modules/ngx_http_ssl_module.c | |
parent | 5d3a854ebd4f59854ade798b94070ff1ee3eddcf (diff) | |
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
Diffstat (limited to 'src/http/modules/ngx_http_ssl_module.c')
-rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 7d62176e0..ca33b512c 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -966,10 +966,12 @@ invalid:
 static ngx_int_t
 ngx_http_ssl_init(ngx_conf_t *cf)
 {
- ngx_uint_t s;
+ ngx_uint_t a, p, s;
+ ngx_http_conf_addr_t *addr;
+ ngx_http_conf_port_t *port;
 ngx_http_ssl_srv_conf_t *sscf;
 ngx_http_core_loc_conf_t *clcf;
- ngx_http_core_srv_conf_t **cscfp;
+ ngx_http_core_srv_conf_t **cscfp, *cscf;
 ngx_http_core_main_conf_t *cmcf;
 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
@@ -993,5 +995,32 @@ ngx_http_ssl_init(ngx_conf_t *cf)
 }
 }
+ if (cmcf->ports == NULL) {
+ return NGX_OK;
+ }
+
+ port = cmcf->ports->elts;
+ for (p = 0; p < cmcf->ports->nelts; p++) {
+
+ addr = port[p].addrs.elts;
+ for (a = 0; a < port[p].addrs.nelts; a++) {
+
+ if (!addr[a].opt.ssl) {
+ continue;
+ }
+
+ cscf = addr[a].default_server;
+ sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
+
+ if (sscf->certificates == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate\" is defined for "
+ "the \"listen ... ssl\" directive in %s:%ui",
+ cscf->file_name, cscf->line);
+ return NGX_ERROR;
+ }
+ }
+ }
+
 return NGX_OK;
 } |
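Review bot: The emergency message in the second hunk prints `cscf->file_name` and `cscf->line`, which come from the address's default server, yet it words that position as the location of the `listen ... ssl` directive; since the commit description allows `ssl` to be set by a listen in a non-default server, the reported position may point at a server block whose own listen has no `ssl`, so it is worth confirming and, if so, wording the tail as `"the default server of a \"listen ... ssl\" address in %s:%ui",`. The certificate test would also benefit from a comment directly above it, e.g. `/* only the default server of an ssl address must have a certificate; other servers on the address rely on it */`, because the reason for checking `default_server` alone is stated only in the commit message. `addr[a].default_server` and `cscf->ctx` are dereferenced without a NULL test, which is presumably safe because every address is given a default server elsewhere, but that invariant is not visible in these lines. `ngx_http_ssl_init` begins in the previous hunk and the part of its body between the two hunks is not shown.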