jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Add Strict-SNI 

Thanks @JemmyLoveJenny

Issue link : https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872
openssl-1.1.1
Hakase 2018-09-15 21:10:17 +09:00
parent 3efa1495f6
commit d4baca8e77
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
1 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
nginx_strict-sni.patch Normal file
View File

@ -0,0 +1,31 @@
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 98cc8c7..0810526 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -849,7 +849,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
if (servername == NULL) {
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
c = ngx_ssl_get_connection(ssl_conn);
@@ -864,7 +864,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
host.len = ngx_strlen(servername);
if (host.len == 0) {
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
host.data = (u_char *) servername;
@@ -879,7 +879,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
NULL, &cscf)
!= NGX_OK)
{
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));