IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed mismerge of ssl_reject_handshake in 71b7453fb11f.

Browse Source 
In particular, this fixes rejecting "listen .. quic|http3" configurations
without TLSv1.3 configured.
This commit is contained in:
Sergey Kandaurov 2021-09-29 15:01:53 +03:00
parent 4d92aa7957
commit 2765b63216
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/http/modules/ngx_http_ssl_module.c
View File

@ -1385,14 +1385,23 @@ ngx_http_ssl_init(ngx_conf_t *cf)
sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
if (sscf->certificates) {
if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_protocols\" must enable TLSv1.3 for "
"the \"listen ... %s\" directive in %s:%ui",
name, cscf->file_name, cscf->line);
return NGX_ERROR;
}
continue;
}
if (!sscf->reject_handshake) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate\" is defined for "
"the \"listen ... ssl\" directive in %s:%ui",
cscf->file_name, cscf->line);
"the \"listen ... %s\" directive in %s:%ui",
name, cscf->file_name, cscf->line);
return NGX_ERROR;
}
@ -1417,14 +1426,6 @@ ngx_http_ssl_init(ngx_conf_t *cf)
name, cscf->file_name, cscf->line);
return NGX_ERROR;
}
if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_protocols\" did not enable TLSv1.3 for "
"the \"listen ... %s\" directives in %s:%ui",
name, cscf->file_name, cscf->line);
return NGX_ERROR;
}
}
}