jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

nginx segfault bugfix - https://trac.nginx.org/nginx/ticket/1646

openssl-1.1.1
Hakase 2018-10-03 19:25:37 +09:00
parent abe6e1bf5e
commit d435a2c386
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
nginx_openssl-1.1.x_renegotiation_bugfix.patch
View File

@ -1,25 +1,23 @@
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 3a0e150d..f080b2d7 100644 --- a/src/http/ngx_http_request.c
--- a/src/event/ngx_event_openssl.c +++ b/src/http/ngx_http_request.c
+++ b/src/event/ngx_event_openssl.c @@ -854,7 +854,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
@@ -350,6 +350,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
#endif
+#ifdef SSL_OP_NO_RENEGOTIATION c = ngx_ssl_get_connection(ssl_conn);
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RENEGOTIATION);
+#endif
+
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
#endif
@@ -1294,9 +1298,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
} else {
SSL_set_accept_state(sc->connection);
-#ifdef SSL_OP_NO_RENEGOTIATION - if (c->ssl->renegotiation) {
- SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION); + if (c->ssl->handshaked) {
-#endif return SSL_TLSEXT_ERR_NOACK;
} }
if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) { @@ -919,6 +919,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
#endif
SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
+#endif
}
return SSL_TLSEXT_ERR_OK;