nginx.git/src/event, branch release-1.17.0

SSL: removed OpenSSL 0.9.7 compatibility.

2016-04-11T12:46:36+00:00

OCSP stapling: fixed segfault with dynamic certificate loading.

2019-04-15T16:13:09+00:00

If OCSP stapling was enabled with dynamic certificate loading, with some
OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p,
1.1.0i, 1.1.1) a segmentation fault might happen.

The reason is that during an abbreviated handshake the certificate
callback is not called, but the certificate status callback was called
(https://github.com/openssl/openssl/issues/1662), leading to NULL being
returned from SSL_get_certificate().

Fix is to explicitly check SSL_get_certificate() result.

OCSP stapling: open ssl_stapling_file in binary-mode.

2019-04-03T12:35:39+00:00

OCSP response uses the DER format and as such needs to be opened in binary-mode.
This only has any effect under Win32.

SSL: missing free calls in $ssl_client_s_dn and $ssl_client_i_dn.

2019-03-26T06:33:57+00:00

If X509_get_issuer_name() or X509_get_subject_name() returned NULL,
this could lead to a certificate reference leak.  It cannot happen
in practice though, since each function returns an internal pointer
to a mandatory subfield of the certificate successfully decoded by
d2i_X509() during certificate message processing (closes #1751).

SSL: support for parsing PEM certificates from memory.

2019-03-09T00:03:56+00:00

This makes it possible to provide certificates directly via variables
in ssl_certificate / ssl_certificate_key directives, without using
intermediate files.

SSL: removed redundant "pkey" variable.

2019-03-08T23:55:43+00:00

It was accidentally introduced in 77436d9951a1 (1.15.9).  In MSVC 2015
and more recent MSVC versions it triggers warning C4456 (declaration of
'pkey' hides previous local declaration).  Previously, all such warnings
were resolved in 2a621245f4cf.

Reported by Steve Stevenson.

SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option.

2019-03-03T13:49:02+00:00

The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1.
Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated
renegotiation, and hence can be safely used on all SSL contexts.

SSL: server name callback changed to return fatal errors.

2019-03-03T13:48:06+00:00

Notably this affects various allocation errors, and should generally
improve things if an allocation error actually happens during a callback.

Depending on the OpenSSL version, returning an error can result in
either SSL_R_CALLBACK_FAILED or SSL_R_CLIENTHELLO_TLSEXT error from
SSL_do_handshake(), so both errors were switched to the "info" level.

SSL: adjusted session id context with dynamic certificates.

2019-02-25T13:42:54+00:00

Dynamic certificates re-introduce problem with incorrect session
reuse (AKA "virtual host confusion", CVE-2014-3616), since there are
no server certificates to generate session id context from.

To prevent this, session id context is now generated from ssl_certificate
directives as specified in the configuration.  This approach prevents
incorrect session reuse in most cases, while still allowing sharing
sessions across multiple machines with ssl_session_ticket_key set as
long as configurations are identical.

SSL: passwords support for dynamic certificate loading.

2019-02-25T13:42:23+00:00

Passwords have to be copied to the configuration pool to be used
at runtime.  Also, to prevent blocking on stdin (with "daemon off;")
an empty password list is provided.

To make things simpler, password handling was modified to allow
an empty array (with 0 elements and elts set to NULL) as an equivalent
of an array with 1 empty password.