Hello! On Tue, Aug 22, 2017 at 09:58:32PM +0100, Paulo Pacheco wrote:
> Hi, > > Is this patch the right way to do it? > > My motivation was this: https://github.com/fooinha/nginx-ssl-ja3 Saving the list of TLS extensions for future use just in case we'll need it in some 3rd-party module looks suboptimal, so please don't expected this patch to be merged. [...] > @@ -1229,6 +1283,10 @@ > > ngx_ssl_clear_error(c->log); > > +#if OPENSSL_VERSION_NUMBER >= 0x10101000L > + SSL_CTX_set_early_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c); > +#endif > + Modifications of SSL contexts should be done during configuration, not at run-time. Instead, you should do this when a context is configured, somewhere in ngx_http_ssl_merge_srv_conf() after the ngx_ssl_create() call. Note well that you can install callback in your own module - this will be a hack and the code will break if/when nginx will start using SSL_CTX_set_early_cb() for some reason, but this will allow your module to work for now without any modifications of nginx core. This approach should be good enough at least for experiments. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
