]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ecfab06)
SSL: fixed possible segfault with dynamic certificates.
authorMaxim Dounin <mdounin@mdounin.ru>
Mon, 25 Feb 2019 18:16:26 +0000 (21:16 +0300)
committerMaxim Dounin <mdounin@mdounin.ru>
Mon, 25 Feb 2019 18:16:26 +0000 (21:16 +0300)
A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback.  To do so, it is now passed as
the argument of the callback.

The stream module doesn't really need any changes, but was modified as
well to match http code.

src/http/modules/ngx_http_ssl_module.c patch | blob | history
src/http/ngx_http_request.c patch | blob | history
src/stream/ngx_stream_ssl_module.c patch | blob | history

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 3bf122acb3124118015726523ce0376a1da4020c..1b2830d210881b234b997a60343c424481025629 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -741,7 +741,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 
         /* install callback to lookup certificates */
 
-        SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL);
+        SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);
 
 #else
         ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 81d546a867f21b824df7af6dc2089eff766946f9..40973b2e2b504e1f1936fa9c6b2a0222ad10b8cd 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -973,7 +973,7 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
 
     r->logged = 1;
 
-    sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+    sscf = arg;
 
     nelts = sscf->certificate_values->nelts;
     certs = sscf->certificate_values->elts;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 9ab2c82be34b61a3423d7770a2b8f05e38903612..9266e99aa9411cdd58771dbf33fdf33318dee5d6 100644 (file)
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -434,7 +434,7 @@ ngx_stream_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
 
     s = c->data;
 
-    sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+    sslcf = arg;
 
     nelts = sslcf->certificate_values->nelts;
     certs = sslcf->certificate_values->elts;
@@ -692,7 +692,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 
         /* install callback to lookup certificates */
 
-        SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL);
+        SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf);
 
 #else
         ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
nginx upstream