SSL: server name callback changed to return SSL_TLSEXT_ERR_OK.

author Maxim Dounin <mdounin@mdounin.ru>

Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)

committer Maxim Dounin <mdounin@mdounin.ru>

Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)
author Maxim Dounin <mdounin@mdounin.ru>
Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c

index 40973b2e2b504e1f1936fa9c6b2a0222ad10b8cd..9cdc4a543f0db5c1faffaaf3401dccd2c26e7fcd 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -866,13 +866,13 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
      servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
  
      if (servername == NULL) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      c = ngx_ssl_get_connection(ssl_conn);
  
      if (c->ssl->handshaked) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
@@ -881,13 +881,13 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
      host.len = ngx_strlen(servername);
  
      if (host.len == 0) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      host.data = (u_char *) servername;
  
      if (ngx_http_validate_host(&host, c->pool, 1) != NGX_OK) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      hc = c->data;
@@ -896,12 +896,12 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
                                       NULL, &cscf)
          != NGX_OK)
      {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
      if (hc->ssl_servername == NULL) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_OK;
      }
  
      *hc->ssl_servername = host;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c

index 9266e99aa9411cdd58771dbf33fdf33318dee5d6..b099a805a5d5ba6e37706753be689b1aa0d0710e 100644 (file)
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -22,6 +22,9 @@ static ngx_int_t ngx_stream_ssl_handler(ngx_stream_session_t *s);
  static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
      ngx_connection_t *c);
  static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+int ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
+#endif
  #ifdef SSL_R_CERT_CB_ERROR
  static int ngx_stream_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg);
  #endif
@@ -414,6 +417,17 @@ ngx_stream_ssl_handshake_handler(ngx_connection_t *c)
  }
  
  
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+int
+ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
+{
+    return SSL_TLSEXT_ERR_OK;
+}
+
+#endif
+
+
  #ifdef SSL_R_CERT_CB_ERROR
  
  int
@@ -682,6 +696,11 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
      cln->handler = ngx_ssl_cleanup_ctx;
      cln->data = &conf->ssl;
  
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
+                                           ngx_stream_ssl_servername);
+#endif
+
      if (ngx_stream_ssl_compile_certificates(cf, conf) != NGX_OK) {
          return NGX_CONF_ERROR;
      }
author	Maxim Dounin <mdounin@mdounin.ru>
	Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Sun, 3 Mar 2019 13:47:44 +0000 (16:47 +0300)
src/http/ngx_http_request.c		patch \| blob \| history
src/stream/ngx_stream_ssl_module.c		patch \| blob \| history