Browse Source

Add strict-sni patch file.

master
Hakase 6 months ago
parent
commit
fb4941736c
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9
2 changed files with 47 additions and 1 deletions
  1. 0
    1
      .gitignore
  2. 47
    0
      strict-sni-example.patch

+ 0
- 1
.gitignore View File

@@ -2,7 +2,6 @@
2 2
 *~
3 3
 *.orig
4 4
 *.rej
5
-*.patch
6 5
 
7 6
 # Build files
8 7
 /objs

+ 47
- 0
strict-sni-example.patch View File

@@ -0,0 +1,47 @@
1
+diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
2
+index 98cc8c7..0810526 100644
3
+--- a/src/http/ngx_http_request.c
4
++++ b/src/http/ngx_http_request.c
5
+@@ -849,7 +849,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
6
+     servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
7
+
8
+     if (servername == NULL) {
9
+-        return SSL_TLSEXT_ERR_NOACK;
10
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
11
+     }
12
+
13
+     c = ngx_ssl_get_connection(ssl_conn);
14
+@@ -864,7 +864,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
15
+     host.len = ngx_strlen(servername);
16
+
17
+     if (host.len == 0) {
18
+-        return SSL_TLSEXT_ERR_NOACK;
19
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
20
+     }
21
+
22
+     host.data = (u_char *) servername;
23
+@@ -879,7 +879,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
24
+                                      NULL, &cscf)
25
+         != NGX_OK)
26
+     {
27
+-        return SSL_TLSEXT_ERR_NOACK;
28
++        return SSL_TLSEXT_ERR_ALERT_FATAL;
29
+     }
30
+
31
+     hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
32
+diff --git a/lib/openssl/ssl/statem/extensions.c b/lib/openssl/ssl/statem/extensions.c
33
+index 8422161dc1..675446e59f 100644
34
+--- a/lib/openssl/ssl/statem/extensions.c
35
++++ b/lib/openssl/ssl/statem/extensions.c
36
+@@ -998,7 +998,9 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
37
+
38
+     switch (ret) {
39
+     case SSL_TLSEXT_ERR_ALERT_FATAL:
40
+-        SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED);
41
++        s->statem.in_init = 1;
42
++        s->statem.state = MSG_FLOW_ERROR;
43
++        ssl3_send_alert(s, SSL3_AL_FATAL, altmp);
44
+         return 0;
45
+
46
+     case SSL_TLSEXT_ERR_ALERT_WARNING:
47
+

Loading…
Cancel
Save