]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 573810c) | patch
OCSP stapling: fixed segfault without nextUpdate.
authorMaxim Dounin <mdounin@mdounin.ru>
Mon, 13 Jul 2015 22:10:25 +0000 (01:10 +0300)
committerMaxim Dounin <mdounin@mdounin.ru>
Mon, 13 Jul 2015 22:10:25 +0000 (01:10 +0300)
commit3ac176fb86b49a436917d9a9874f0f98731a35f6
tree666f757e185d4402dc7b218ee115f0bfb20faf9ftree | snapshot
parent573810ce3668fdb21c2234f12bc05460dcc6810acommit | diff
OCSP stapling: fixed segfault without nextUpdate.

OCSP responses may contain no nextUpdate.  As per RFC 6960, this means
that nextUpdate checks should be bypassed.  Handle this gracefully by
using NGX_MAX_TIME_T_VALUE as "valid" in such a case.

The problem was introduced by 6893a1007a7c (1.9.2).

Reported by Matthew Baldwin.
src/event/ngx_event_openssl_stapling.c diff | blob | history
nginx upstream