diff options
| author | Vladimir Homutov <vl@nginx.com> | 2017-01-19 16:20:07 +0300 |
|---|---|---|
| committer | Vladimir Homutov <vl@nginx.com> | 2017-01-19 16:20:07 +0300 |
| commit | 620c9a4c44087069c0a50be96748b98be7d497a8 (patch) | |
| tree | 3f9ffbdcc365005bbb1ecd3be21a8714e8bffba1 /src | |
| parent | 0ccbe0abe4fc1313689576b21b8649e4ebe524ee (diff) | |
| download | nginx-620c9a4c44087069c0a50be96748b98be7d497a8.tar.gz nginx-620c9a4c44087069c0a50be96748b98be7d497a8.zip | |
Stream: client SSL certificates were not checked in some cases.
If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.
The bug had appeared in 1.11.8 (41cb1b64561d).
Diffstat (limited to 'src')
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 414d32824..2f242b666 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -284,6 +284,7 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) { long rc; X509 *cert; + ngx_int_t rv; ngx_connection_t *c; ngx_stream_ssl_conf_t *sslcf; @@ -305,7 +306,11 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) return NGX_ERROR; } - return ngx_stream_ssl_init_connection(&sslcf->ssl, c); + rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c); + + if (rv != NGX_OK) { + return rv; + } } if (sslcf->verify) { |