aboutsummaryrefslogtreecommitdiff
path: root/src/http/ngx_http_request.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/ngx_http_request.c')
-rw-r--r--src/http/ngx_http_request.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index bb4cacabd..0cb081c74 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1872,10 +1872,22 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (hc->ssl_servername) {
+ ngx_http_ssl_srv_conf_t *sscf;
+
if (rc == NGX_DECLINED) {
cscf = hc->addr_conf->default_server;
rc = NGX_OK;
}
+
+ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);
+
+ if (sscf->verify) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client attempted to request the server name "
+ "different from that one was negotiated");
+ ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ return NGX_ERROR;
+ }
}
#endif
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-15 04:46:21 +0000