From: Sergey Kandaurov Date: Tue, 8 Dec 2015 13:59:43 +0000 (+0300) Subject: SSL: fixed possible segfault on renegotiation (ticket #845). X-Git-Tag: release-1.9.8~3 X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=79fcf261d0b50c03ae2780b5588b59ed2eb7ad88;p=nginx.git SSL: fixed possible segfault on renegotiation (ticket #845). Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation. Do nothing in SNI callback as in this case it will be supplied with request in c->data which isn't expected and doesn't work this way. This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL. --- diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index b68a13d3a..99e932509 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -837,6 +837,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) c = ngx_ssl_get_connection(ssl_conn); + if (c->ssl->renegotiation) { + return SSL_TLSEXT_ERR_NOACK; + } + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL server name: \"%s\"", servername);
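Review bot: the new `if (c->ssl->renegotiation)` early return in ngx_http_ssl_servername() has no comment saying why the callback must bail out, and the reason is not evident from the code. Only the commit message explains that on renegotiation the callback finds a request in c->data, which it does not expect. A short comment above the check stating that would keep a later reader from treating the guard as removable. The return also sits before the `ngx_log_debug1(... "SSL server name: \"%s\"", servername)` call, so a renegotiation that reaches this callback leaves no debug trace. Consider adding a debug log line inside the branch before `return SSL_TLSEXT_ERR_NOACK;`, so that this path is visible when diagnosing handshake problems.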