[PATCH] SSL: stop loading configs with invalid "ssl_ciphers" values.

Piotr Sikora piotr at cloudflare.com
Mon Sep 23 05:37:21 UTC 2013


# HG changeset patch
# User Piotr Sikora <piotr at cloudflare.com>
# Date 1379914571 25200
#      Sun Sep 22 22:36:11 2013 -0700
# Node ID 0fbcfab0bfd72dbc40c3ee75665e81a08ed2fa0b
# Parent  2d947c2e3ea1b3144239f028c8e2af895d95fff4
SSL: stop loading configs with invalid "ssl_ciphers" values.

While there, remove unnecessary check in ngx_mail_ssl_module.

Signed-off-by: Piotr Sikora <piotr at cloudflare.com>

diff -r 2d947c2e3ea1 -r 0fbcfab0bfd7 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c    Fri Sep 20 17:57:21 2013 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c    Sun Sep 22 22:36:11 2013 -0700
@@ -561,6 +561,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
         ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                       "SSL_CTX_set_cipher_list(\"%V\") failed",
                       &conf->ciphers);
+        return NGX_CONF_ERROR;
     }

     if (conf->verify) {
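Review bot: The added `return NGX_CONF_ERROR;` turns a failure that was logged and then ignored into a hard configuration error, and nothing in the code or the commit message records what the old behaviour left in effect. Before this change a rejected "ssl_ciphers" string meant the context kept whatever cipher list it already had (presumably the library default), so a server could run with a different cipher set than the operator wrote. Failing closed is the right outcome, and I would say so in a short comment above the return, e.g. `/* fail closed: never run with a cipher list other than the configured one */`. The change notes should also mention that a config with a bad cipher string will now refuse to start or reload after upgrade. ngx_http_ssl_merge_srv_conf starts and ends outside the hunk.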
diff -r 2d947c2e3ea1 -r 0fbcfab0bfd7 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c    Fri Sep 20 17:57:21 2013 +0300
+++ b/src/mail/ngx_mail_ssl_module.c    Sun Sep 22 22:36:11 2013 -0700
@@ -287,15 +287,14 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf,
         return NGX_CONF_ERROR;
     }

-    if (conf->ciphers.len) {
-        if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-                                   (const char *) conf->ciphers.data)
-            == 0)
-        {
-            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
-                          "SSL_CTX_set_cipher_list(\"%V\") failed",
-                          &conf->ciphers);
-        }
+    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
+                                (const char *) conf->ciphers.data)
+        == 0)
+    {
+        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                      "SSL_CTX_set_cipher_list(\"%V\") failed",
+                      &conf->ciphers);
+        return NGX_CONF_ERROR;
     }

     if (conf->prefer_server_ciphers) {
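Review bot: Dropping the `if (conf->ciphers.len)` guard makes the `SSL_CTX_set_cipher_list()` call unconditional, so it is only safe if `conf->ciphers.data` is always non-NULL and NUL-terminated by the time this line runs. That presumably holds because the value is merged with a default cipher string earlier in ngx_mail_ssl_merge_conf, but the merge is outside this hunk and should be confirmed. A one-line comment would keep the invariant visible to the next reader, e.g. `/* conf->ciphers is always set here: merged with the default cipher list above */`. It is also worth confirming what an explicitly empty `ssl_ciphers ""` does now: it used to skip the call silently and would now reach OpenSSL, where it presumably fails and aborts the config load. That is the stricter result, but it is a behaviour change for the mail module beyond the "unnecessary check" wording in the description.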


