git.kaiwu.me - nginx.git/commit
SSL: avoid using mismatched certificate/key cached pairs.
author Sergey Kandaurov <pluknet@nginx.com>
Wed, 8 Jan 2025 13:50:33 +0000 (17:50 +0400)
committer pluknet <pluknet@nginx.com>
Fri, 17 Jan 2025 00:37:46 +0000 (04:37 +0400)
commit 5d5d9adccfeaff7d5926737ee5dfa43937fe5899
tree dffc4e214497ad560eb317e97be59ac6eac3fac3
parent 454ad0ef33a347eba1a62d18c8fc0498f4dcfd64

This can happen with certificates and certificate keys specified
with variables due to partial cache update in various scenarios:
- cache expiration with only one element of pair evicted
- on-disk update with non-cacheable encrypted keys
- non-atomic on-disk update

The fix is to retry with fresh data on X509_R_KEY_VALUES_MISMATCH.
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.h
src/event/ngx_event_openssl_cache.c
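
The retry described in the commit message, as an added stand-alone model that is not nginx's code: a certificate and a key are cached separately, a partial cache update leaves them from different pairs, and the loader retries once with fresh data when the match check fails. The names `obj_t`, `load`, `load_pair` and `setup` are hypothetical, `pair_id` is a constructed stand-in for the key material, and the integer comparison stands in for the check that reports X509_R_KEY_VALUES_MISMATCH; giving up after one retry is an assumption of this model.

```c
#include <stdio.h>

/* Constructed model: pair_id stands in for the key material; a real check
 * compares the certificate's public key with the private key. */
typedef struct { int pair_id; int valid; } obj_t;
typedef struct { obj_t cert, key; } store_t;

static store_t disk, cache;

/* Return the cached object, or reload it from "disk" when the entry is
 * missing or the caller asks for fresh data. */
static obj_t load(obj_t *cached, const obj_t *on_disk, int fresh)
{
    if (fresh || !cached->valid) {
        *cached = *on_disk;
        cached->valid = 1;
    }
    return *cached;
}

/* 0 = pair usable, -1 = still mismatched; *retried is set when the first
 * (cached) attempt failed the match check and fresh data was loaded. */
int load_pair(int *retried)
{
    for (int fresh = 0; fresh <= 1; fresh++) {
        obj_t c = load(&cache.cert, &disk.cert, fresh);
        obj_t k = load(&cache.key, &disk.key, fresh);
        *retried = fresh;
        if (c.pair_id == k.pair_id)   /* stand-in for the mismatch error */
            return 0;
    }
    return -1;
}

/* Helper: set disk and cache contents; id 0 means "not cached". */
void setup(int disk_cert, int disk_key, int cached_cert, int cached_key)
{
    disk.cert = (obj_t){ disk_cert, 1 };
    disk.key = (obj_t){ disk_key, 1 };
    cache.cert = (obj_t){ cached_cert, cached_cert != 0 };
    cache.key = (obj_t){ cached_key, cached_key != 0 };
}

int main(void)
{
    int retried;
    setup(2, 2, 1, 0);   /* pair rotated on disk, only the key evicted */
    int rc = load_pair(&retried);
    printf("rc=%d retried=%d\n", rc, retried);
    return 0;
}
```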