Merge of r4305:

Fixed segfault on ssl servers without cert with SNI (ticket #54).

Non-default servers may not have ssl context created if there are no
certificate defined.  Make sure to check if ssl context present before
using it.

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index c0d56ecaaf67522e9cb0e38169701615471d46ca..aea2228fdd84d95d7c21a3ed8e39a49f453ea5e2 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -671,25 +671,27 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
 
     sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
 
-    SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
+    if (sscf->ssl.ctx) {
+        SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
 
-    /*
-     * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
-     * adjust other things we care about
-     */
+        /*
+         * SSL_set_SSL_CTX() only changes certs as of 1.0.0d
+         * adjust other things we care about
+         */
 
-    SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
-                   SSL_CTX_get_verify_callback(sscf->ssl.ctx));
+        SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
+                       SSL_CTX_get_verify_callback(sscf->ssl.ctx));
 
-    SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
+        SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));
 
 #ifdef SSL_CTRL_CLEAR_OPTIONS
-    /* only in 0.9.8m+ */
-    SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
-                                ~SSL_CTX_get_options(sscf->ssl.ctx));
+        /* only in 0.9.8m+ */
+        SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
+                                    ~SSL_CTX_get_options(sscf->ssl.ctx));
 #endif
 
-    SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+        SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+    }
 
     return SSL_TLSEXT_ERR_OK;
 }