[nginx] SSL: fixed ssl_buffer_size on SNI virtual hosts (ticket #1192).

Maxim Dounin mdounin at mdounin.ru
Fri Feb 3 13:58:09 UTC 2017

details:   http://hg.nginx.org/nginx/rev/72bb626484a4
changeset: 6901:72bb626484a4
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Thu Feb 02 20:29:16 2017 +0300
SSL: fixed ssl_buffer_size on SNI virtual hosts (ticket #1192).

Previously, buffer size was not changed from the one saved during
initial ngx_ssl_create_connection(), even if the buffer itself was not
yet created.  Fix is to change c->ssl->buffer_size in the SNI callback.

Note that it should be also possible to update buffer size even in non-SNI
virtual hosts as long as the buffer is not yet allocated.  This looks
like an overcomplication though.


 src/http/ngx_http_request.c |  2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diffs (12 lines):

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -884,6 +884,8 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
     sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+    c->ssl->buffer_size = sscf->buffer_size;
     if (sscf->ssl.ctx) {
         SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);

More information about the nginx-devel mailing list