[nginx] Stream: client SSL certificates were not checked in some cases.
Vladimir Homutov
vl at nginx.com
Thu Jan 19 13:32:18 UTC 2017
details: http://hg.nginx.org/nginx/rev/1818acd8442f
branches:
changeset: 6871:1818acd8442f
user: Vladimir Homutov <vl at nginx.com>
date: Thu Jan 19 16:20:07 2017 +0300
description:
Stream: client SSL certificates were not checked in some cases.
If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.
The bug had appeared in 1.11.8 (41cb1b64561d).
diffstat:
src/stream/ngx_stream_ssl_module.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diffs (24 lines):
diff -r 0a08a8babf53 -r 1818acd8442f src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Thu Jan 19 16:17:05 2017 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Thu Jan 19 16:20:07 2017 +0300
@@ -284,6 +284,7 @@ ngx_stream_ssl_handler(ngx_stream_sessio
{
long rc;
X509 *cert;
+ ngx_int_t rv;
ngx_connection_t *c;
ngx_stream_ssl_conf_t *sslcf;
@@ -305,7 +306,11 @@ ngx_stream_ssl_handler(ngx_stream_sessio
return NGX_ERROR;
}
- return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+ rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+ if (rv != NGX_OK) {
+ return rv;
+ }
}
if (sslcf->verify) {
More information about the nginx-devel
mailing list