An official read-only mirror of http://hg.nginx.org/nginx/ which is updated hourly. Pull requests on GitHub cannot be accepted and will be automatically closed. The proper way to submit changes to nginx is via the nginx development mailing list, see http://nginx.org/en/docs/contributing_changes.html
Sergey Kandaurov 059bbfa960 SNI: added restriction for TLSv1.3 cross-SNI session resumption.
In OpenSSL, session resumption always happens in the default SSL context,
prior to invoking the SNI callback.  Further, unlike in TLSv1.2 and older
protocols, SSL_get_servername() returns values received in the resumption
handshake, which may be different from the value in the initial handshake.
Notably, this makes the restriction added in b720f650b insufficient for
sessions resumed with a different SNI server name.

Considering the example from b720f650b, previously, a client was able to
request example.org by presenting a certificate for example.org, then to
resume and request example.com.

The fix is to reject handshakes resumed with a different server name, if
verification of client certificates is enabled in a corresponding server
configuration.
2025-02-05 19:27:05 +04:00
auto Configure: fixed --with-libatomic=DIR with recent libatomic_ops. 2025-02-05 19:27:05 +04:00
conf MIME: added image/avif type. 2021-10-25 20:49:15 +03:00
contrib Contrib: vim syntax, update core and 3rd party module directives. 2023-07-24 18:04:41 +03:00
docs Moved LICENSE and README to root. 2025-02-05 19:27:05 +04:00
misc Updated OpenSSL used for win32 builds. 2025-02-05 19:27:05 +04:00
src SNI: added restriction for TLSv1.3 cross-SNI session resumption. 2025-02-05 19:27:05 +04:00
.hgtags release-1.26.2 tag 2024-08-12 18:28:31 +04:00
LICENSE Moved LICENSE and README to root. 2025-02-05 19:27:05 +04:00
README Moved LICENSE and README to root. 2025-02-05 19:27:05 +04:00

Documentation is available at http://nginx.org