jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix strict-sni bug.

openssl-1.1.1
Hakase 2018-10-09 06:31:22 +09:00
parent cbc1c1b2dc
commit d27fbc0aee
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nginx_strict-sni.patch
View File

@ -1,5 +1,5 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 75129134..e9ea5231 100644 index 75129134..30c236b4 100644
--- a/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c
@@ -2547,6 +2547,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, @@ -2547,6 +2547,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
@ -25,8 +25,8 @@ index 75129134..e9ea5231 100644
+ f = ERR_GET_FUNC(ERR_peek_error()); + f = ERR_GET_FUNC(ERR_peek_error());
+ if (f == SSL_F_FINAL_SERVER_NAME) { + if (f == SSL_F_FINAL_SERVER_NAME) {
+ while (ERR_peek_error()) { + while (ERR_peek_error()) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + ngx_ssl_error(NGX_LOG_DEBUG, c->log, 0,
+ "ignoring ssl error at STRICT SNI block"); + "ignoring ssl error at STRICT SNI block");
+ } + }
+ ERR_clear_error(); + ERR_clear_error();
+ return; + return;
@ -38,7 +38,7 @@ index 75129134..e9ea5231 100644
if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
#ifdef SSL_R_NO_SUITABLE_KEY_SHARE #ifdef SSL_R_NO_SUITABLE_KEY_SHARE
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index c57ec00c..a14d68a9 100644 index c57ec00c..be60d375 100644
--- a/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c
@@ -441,6 +441,20 @@ static ngx_command_t ngx_http_core_commands[] = { @@ -441,6 +441,20 @@ static ngx_command_t ngx_http_core_commands[] = {
@ -94,7 +94,7 @@ index 4c6da7c0..04e14d09 100644
ngx_flag_t tcp_nodelay; /* tcp_nodelay */ ngx_flag_t tcp_nodelay; /* tcp_nodelay */
ngx_flag_t reset_timedout_connection; /* reset_timedout_connection */ ngx_flag_t reset_timedout_connection; /* reset_timedout_connection */
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 7dd28b8c..1901129d 100644 index 7dd28b8c..0e4fc6ae 100644
--- a/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c
@@ -846,14 +846,18 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) @@ -846,14 +846,18 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)