Hakase 5 months ago
parent
commit
d435a2c386
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9
1 changed files with 17 additions and 19 deletions
  1. 17
    19
      nginx_openssl-1.1.x_renegotiation_bugfix.patch

+ 17
- 19
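--- a/nginx_openssl-1.1.x_renegotiation_bugfix.patch
+++ b/nginx_openssl-1.1.x_renegotiation_bugfix.patch
@@ -1,25 +1,23 @@
-diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
-index 3a0e150d..f080b2d7 100644
---- a/src/event/ngx_event_openssl.c
-+++ b/src/event/ngx_event_openssl.c
-@@ -350,6 +350,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
-     SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
+diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
+--- a/src/http/ngx_http_request.c
++++ b/src/http/ngx_http_request.c
+@@ -854,7 +854,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
+ 
+     c = ngx_ssl_get_connection(ssl_conn);
+ 
+-    if (c->ssl->renegotiation) {
++    if (c->ssl->handshaked) {
+         return SSL_TLSEXT_ERR_NOACK;
+     }
+ 
+@@ -919,6 +919,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
  #endif
  
+         SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
++
 +#ifdef SSL_OP_NO_RENEGOTIATION
-+    SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RENEGOTIATION);
++        SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
 +#endif
-+
- #ifdef SSL_OP_NO_COMPRESSION
-     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
- #endif
-@@ -1294,9 +1298,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
-     } else {
-         SSL_set_accept_state(sc->connection);
- 
--#ifdef SSL_OP_NO_RENEGOTIATION
--        SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
--#endif
      }
  
-     if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
+     return SSL_TLSEXT_ERR_OK;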
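Review bot: The second inner hunk (`@@ -919,6 +919,10 @@`) re-applies `SSL_OP_NO_RENEGOTIATION` right after `SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx))` with no comment saying why the flag has to be set again at that point. The previous version of this patch put the flag on the context in `ngx_ssl_create`, and this one returns to a per-connection setting, so a line above the added `#ifdef` would stop a later edit from dropping it as redundant, for example `/* per-connection flag: re-apply after syncing options from the SNI-selected ctx */`. Where `SSL_OP_NO_RENEGOTIATION` is not defined, the `#ifdef` block compiles to nothing and the `c->ssl->handshaked` early return in the first inner hunk is the only guard left, which is worth stating in a short header at the top of the patch file. Both inner hunks show only part of `ngx_http_ssl_servername`, so the option-clearing step this presumably compensates for is not visible here and should be confirmed against the target nginx tree.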
