Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

SSL: abort handshake on SSL_set_SSL_CTX() errors.

Browse source 
In rare cases, such as memory allocation failure, SSL_set_SSL_CTX() returns
NULL, which could mean that a different SSL configuration has not been set.
Note that this new behaviour seemingly originated in OpenSSL-1.1.0 release.
This commit is contained in:
Sergey Kandaurov 2020-09-24 13:51:29 +01:00
parent 6fc2fe625a
commit 22caa5b254
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/http/ngx_http_request.c
View file

@ -932,7 +932,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
c->ssl->buffer_size = sscf->buffer_size;
if (sscf->ssl.ctx) {
SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
/*
* SSL_set_SSL_CTX() only changes certs as of 1.0.0d