author | Sergey Kandaurov <pluknet@nginx.com> | 2021-09-29 15:01:53 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2021-09-29 15:01:53 +0300 |
commit | 2765b63216fab23040aa83731ffd7d767cf0fa31 (patch) | |
tree | 76d479a02c3cc1f1ae2963c5841ba8c313893e90 /src | |
parent | 4d92aa79571d095e088c22513262a68aa347950d (diff) | |
Fixed mismerge of ssl_reject_handshake in 71b7453fb11f.
In particular, this fixes rejecting "listen .. quic|http3" configurations
without TLSv1.3 configured.
Diffstat (limited to 'src')
-rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index efbc4594c..dbb5905df 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -1385,14 +1385,23 @@ ngx_http_ssl_init(ngx_conf_t *cf)
 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
 if (sscf->certificates) {
+
+ if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "\"ssl_protocols\" must enable TLSv1.3 for "
+ "the \"listen ... %s\" directive in %s:%ui",
+ name, cscf->file_name, cscf->line);
+ return NGX_ERROR;
+ }
+
 continue;
 }
 if (!sscf->reject_handshake) {
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 "no \"ssl_certificate\" is defined for "
- "the \"listen ... ssl\" directive in %s:%ui",
- cscf->file_name, cscf->line);
+ "the \"listen ... %s\" directive in %s:%ui",
+ name, cscf->file_name, cscf->line);
 return NGX_ERROR;
 }
@@ -1417,14 +1426,6 @@ ngx_http_ssl_init(ngx_conf_t *cf)
 name, cscf->file_name, cscf->line);
 return NGX_ERROR;
 }
-
- if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "\"ssl_protocols\" did not enable TLSv1.3 for "
- "the \"listen ... %s\" directives in %s:%ui",
- name, cscf->file_name, cscf->line);
- return NGX_ERROR;
- }
 }
 } |
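Review bot: In the first hunk the TLSv1.3 requirement is enforced only inside the `if (sscf->certificates)` branch, so it covers just the `sscf` resolved immediately above; a server that takes the `reject_handshake` path skips it. Whether other server blocks sharing the same QUIC listen are still validated depends on code between the two hunks that is not shown, which is worth confirming because the check removed in the second hunk sat at that later position. Since QUIC requires TLS 1.3, a short comment above the new check would record why it must run before `continue`, for example `/* QUIC requires TLSv1.3: fail at configuration time, not at handshake */`. `name` and the enclosing loop over `addr[a]` are defined outside the hunk.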