openssl-patch/nginx_strict-sni.patch

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	2018-09-15 10:02:36.520076032 +0000
+++ b/src/http/ngx_http_request.c	2018-09-15 10:26:32.826874950 +0000
@@ -882,7 +882,7 @@
     servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
 
     if (servername == NULL) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
 
     c = ngx_ssl_get_connection(ssl_conn);
@@ -897,7 +897,7 @@
     host.len = ngx_strlen(servername);
 
     if (host.len == 0) {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
 

     host.data = (u_char *) servername;
@@ -912,7 +912,7 @@
                                      NULL, &cscf)
         != NGX_OK)
     {
-        return SSL_TLSEXT_ERR_NOACK;
+        return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
 
     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c    2018-10-02 15:13:36.414143028 +0000
+++ b/src/event/ngx_event_openssl.c    2018-10-04 13:58:28.756873433 +0000
@@ -1456,6 +1456,13 @@ ngx_ssl_handshake(ngx_connection_t *c)

     c->read->error = 1;

+
+    if (sslerr == SSL_ERROR_SSL) {
+        ERR_peek_error();
+        ERR_clear_error();
+        return NGX_ERROR;
+    }
+
     ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");

     return NGX_ERROR;
Add Strict-SNI Thanks @JemmyLoveJenny Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872 2018-09-15 12:10:17 +00:00			`diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c`
Update nginx strict sni. Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 2018-10-04 14:39:24 +00:00			`--- a/src/http/ngx_http_request.c 2018-09-15 10:02:36.520076032 +0000`
			`+++ b/src/http/ngx_http_request.c 2018-09-15 10:26:32.826874950 +0000`
			`@@ -882,7 +882,7 @@`
Add Strict-SNI Thanks @JemmyLoveJenny Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872 2018-09-15 12:10:17 +00:00			`servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);`

			`if (servername == NULL) {`
			`- return SSL_TLSEXT_ERR_NOACK;`
			`+ return SSL_TLSEXT_ERR_ALERT_FATAL;`
			`}`

			`c = ngx_ssl_get_connection(ssl_conn);`
Update nginx strict sni. Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 2018-10-04 14:39:24 +00:00			`@@ -897,7 +897,7 @@`
Add Strict-SNI Thanks @JemmyLoveJenny Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872 2018-09-15 12:10:17 +00:00			`host.len = ngx_strlen(servername);`

			`if (host.len == 0) {`
			`- return SSL_TLSEXT_ERR_NOACK;`
			`+ return SSL_TLSEXT_ERR_ALERT_FATAL;`
			`}`

Update nginx strict sni. Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 2018-10-04 14:39:24 +00:00
Add Strict-SNI Thanks @JemmyLoveJenny Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872 2018-09-15 12:10:17 +00:00			`host.data = (u_char *) servername;`
Update nginx strict sni. Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 2018-10-04 14:39:24 +00:00			`@@ -912,7 +912,7 @@`
Add Strict-SNI Thanks @JemmyLoveJenny Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872 2018-09-15 12:10:17 +00:00			`NULL, &cscf)`
			`!= NGX_OK)`
			`{`
			`- return SSL_TLSEXT_ERR_NOACK;`
			`+ return SSL_TLSEXT_ERR_ALERT_FATAL;`
			`}`

			`hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));`
Update nginx strict sni. Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 2018-10-04 14:39:24 +00:00
			`diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c`
			`--- a/src/event/ngx_event_openssl.c 2018-10-02 15:13:36.414143028 +0000`
			`+++ b/src/event/ngx_event_openssl.c 2018-10-04 13:58:28.756873433 +0000`
			`@@ -1456,6 +1456,13 @@ ngx_ssl_handshake(ngx_connection_t *c)`

			`c->read->error = 1;`

			`+`
			`+ if (sslerr == SSL_ERROR_SSL) {`
			`+ ERR_peek_error();`
			`+ ERR_clear_error();`
			`+ return NGX_ERROR;`
			`+ }`
			`+`
			`ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");`

			`return NGX_ERROR;`