You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nginx_openssl-1.1.x_renegotiation_bugfix.patch 646B

1234567891011121314151617181920212223
  1. diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
  2. --- a/src/http/ngx_http_request.c
  3. +++ b/src/http/ngx_http_request.c
  4. @@ -854,7 +854,7 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
  5. c = ngx_ssl_get_connection(ssl_conn);
  6. - if (c->ssl->renegotiation) {
  7. + if (c->ssl->handshaked) {
  8. return SSL_TLSEXT_ERR_NOACK;
  9. }
  10. @@ -919,6 +919,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *
  11. #endif
  12. SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
  13. +
  14. +#ifdef SSL_OP_NO_RENEGOTIATION
  15. + SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
  16. +#endif
  17. }
  18. return SSL_TLSEXT_ERR_OK;