Improved patch to nginx strict sni

openssl-1.1.1
Hakase 2018-10-07 20:07:53 +09:00
parent efa8059dec
commit 4ddf4e3fc0
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
1 changed files with 12 additions and 12 deletions


@ -1,5 +1,5 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 75129134..d0b926fe 100644 index 75129134..4b4821bd 100644
--- a/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c
@@ -2547,6 +2547,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, @@ -2547,6 +2547,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
@ -10,24 +10,25 @@ index 75129134..d0b926fe 100644
ngx_uint_t level; ngx_uint_t level;
level = NGX_LOG_CRIT; level = NGX_LOG_CRIT;
@@ -2582,6 +2583,17 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, @@ -2583,6 +2584,18 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
} else if (sslerr == SSL_ERROR_SSL) {
n = ERR_GET_REASON(ERR_peek_error()); n = ERR_GET_REASON(ERR_peek_error());
+ f = ERR_GET_FUNC(ERR_peek_error());
+
+ /* Strict SNI Error Patch + /* Strict SNI Error Patch
+ * https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319 + * https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427040319
+ */ + */
+ if (n == SSL_R_CALLBACK_FAILED + if (n == SSL_R_CALLBACK_FAILED) {
+ && f == SSL_F_FINAL_SERVER_NAME) { + f = ERR_GET_FUNC(ERR_peek_error());
+ if (f == SSL_F_FINAL_SERVER_NAME) {
+ ERR_peek_error(); + ERR_peek_error();
+ ERR_clear_error(); + ERR_clear_error();
+ return; + return;
+ } + }
+ }
+
/* handshake failures */ /* handshake failures */
if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
#ifdef SSL_R_NO_SUITABLE_KEY_SHARE
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 7dd28b8c..5e5bbed1 100644 index 7dd28b8c..5e5bbed1 100644
--- a/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c
@ -59,4 +60,3 @@ index 7dd28b8c..5e5bbed1 100644
} }
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
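Review bot: In the new-side branch `if (n == SSL_R_CALLBACK_FAILED) { … if (f == SSL_F_FINAL_SERVER_NAME) {` of ngx_ssl_connection_error, `ERR_clear_error(); return;` drops the event without writing any log line, so handshakes rejected by strict SNI become invisible to anyone using the error log to spot scanning or misrouted clients. Consider lowering the severity instead of returning, e.g. `level = NGX_LOG_INFO;`, so the record is kept at a level operators can filter; this assumes the remainder of the function, which lies outside the hunk, logs at `level`. The bare `ERR_peek_error();` ahead of `ERR_clear_error();` discards its result and can be removed. `SSL_F_FINAL_SERVER_NAME` is also used unguarded even though the adjacent context guards `SSL_R_NO_SUITABLE_KEY_SHARE` with `#ifdef`; wrapping the branch in `#ifdef SSL_F_FINAL_SERVER_NAME` would keep the patch building against a library that does not define it.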