details: https://hg.nginx.org/nginx/rev/48c87377aabd branches: changeset: 7466:48c87377aabd user: Maxim Dounin <mdou...@mdounin.ru> date: Mon Feb 25 21:16:26 2019 +0300 description: SSL: fixed possible segfault with dynamic certificates.
A virtual server may have no SSL context if it does not have certificates defined, so we have to use config of the ngx_http_ssl_module from the SSL context in the certificate callback. To do so, it is now passed as the argument of the callback. The stream module doesn't really need any changes, but was modified as well to match http code. diffstat: src/http/modules/ngx_http_ssl_module.c | 2 +- src/http/ngx_http_request.c | 2 +- src/stream/ngx_stream_ssl_module.c | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diffs (45 lines):
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -741,7 +741,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 /* install callback to lookup certificates */
- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);
 #else
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -973,7 +973,7 @@ ngx_http_ssl_certificate(ngx_ssl_conn_t
 r->logged = 1;
- sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
+ sscf = arg;
 nelts = sscf->certificate_values->nelts;
 certs = sscf->certificate_values->elts;
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -434,7 +434,7 @@ ngx_stream_ssl_certificate(ngx_ssl_conn_
 s = c->data;
- sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+ sslcf = arg;
 nelts = sslcf->certificate_values->nelts;
 certs = sslcf->certificate_values->elts;
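Review bot: The comment above the `SSL_CTX_set_cert_cb()` call in ngx_http_ssl_merge_srv_conf() still says only that a lookup callback is installed and does not explain why `conf` is now passed as the callback argument. Going by the commit description, the virtual server selected for a connection may have no SSL context, so the callback has to use the configuration of the context it was registered on; I would extend the comment to `/* install callback to lookup certificates; conf is passed as the argument because the selected virtual server may have no certificates */`. The same wording fits the matching call in ngx_stream_ssl_merge_conf() in src/stream/ngx_stream_ssl_module.c. The enclosing function starts and ends outside the hunk.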
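Review bot: In ngx_http_ssl_certificate() the new `sscf = arg;` is followed directly by `sscf->certificate_values->nelts`, so the callback now depends on every registration passing a non-NULL configuration whose `certificate_values` is set. The registration in this commit passes `conf`, but whether that call is reached only when `certificate_values` is set is not visible in these hunks. If it is not guaranteed there, a guard before the dereference such as `if (sscf == NULL || sscf->certificate_values == NULL) { return 0; }` would fail the handshake rather than crash the worker process; otherwise a one-line comment stating the invariant is enough. The same pattern follows `sslcf = arg;` in ngx_stream_ssl_certificate(), and both function bodies continue outside their hunks.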
@@ -692,7 +692,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf
 /* install callback to lookup certificates */
- SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, NULL);
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf);
 #else
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel