From: Vladimir Homutov <vl@nginx.com>
Date: Thu, 19 Jan 2017 13:20:07 +0000 (+0300)
Subject: Stream: client SSL certificates were not checked in some cases.
X-Git-Tag: release-1.11.9~7
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=620c9a4c44087069c0a50be96748b98be7d497a8;p=nginx.git

Stream: client SSL certificates were not checked in some cases.

If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.

The bug had appeared in 1.11.8 (41cb1b64561d).
---

diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 414d32824..2f242b666 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -284,6 +284,7 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s)
 {
     long                    rc;
     X509                   *cert;
+    ngx_int_t               rv;
     ngx_connection_t       *c;
     ngx_stream_ssl_conf_t  *sslcf;
 
@@ -305,7 +306,11 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s)
             return NGX_ERROR;
         }
 
-        return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+        rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+        if (rv != NGX_OK) {
+            return rv;
+        }
     }
 
     if (sslcf->verify) {