From d27fbc0aee76d2cf5585baf5f9291b33d1cd5b7a Mon Sep 17 00:00:00 2001 From: Hakase Date: Tue, 9 Oct 2018 06:31:22 +0900 Subject: [PATCH] Fix strict-sni bug. --- nginx_strict-sni.patch | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nginx_strict-sni.patch b/nginx_strict-sni.patch index 12e0bd3..a845a77 100644 --- a/nginx_strict-sni.patch +++ b/nginx_strict-sni.patch @@ -1,5 +1,5 @@ diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c -index 75129134..e9ea5231 100644 +index 75129134..30c236b4 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2547,6 +2547,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, @@ -25,8 +25,8 @@ index 75129134..e9ea5231 100644 + f = ERR_GET_FUNC(ERR_peek_error()); + if (f == SSL_F_FINAL_SERVER_NAME) { + while (ERR_peek_error()) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "ignoring ssl error at STRICT SNI block"); ++ ngx_ssl_error(NGX_LOG_DEBUG, c->log, 0, ++ "ignoring ssl error at STRICT SNI block"); + } + ERR_clear_error(); + return; @@ -38,7 +38,7 @@ index 75129134..e9ea5231 100644 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ #ifdef SSL_R_NO_SUITABLE_KEY_SHARE diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c -index c57ec00c..a14d68a9 100644 +index c57ec00c..be60d375 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -441,6 +441,20 @@ static ngx_command_t ngx_http_core_commands[] = { @@ -94,7 +94,7 @@ index 4c6da7c0..04e14d09 100644 ngx_flag_t tcp_nodelay; /* tcp_nodelay */ ngx_flag_t reset_timedout_connection; /* reset_timedout_connection */ diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c -index 7dd28b8c..1901129d 100644 +index 7dd28b8c..0e4fc6ae 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -846,14 +846,18 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)