authorSergey Kandaurov <pluknet@nginx.com>2025-11-06 17:30:41 +0400
committerSergey Kandaurov <s.kandaurov@f5.com>2025-11-10 20:01:28 +0400
commit38a701d88b14f0747003c4e893d9fb13f51639ca (patch)
tree02b6dc521ddb85247bde8a4387402a22da2547c2 /src/event
parentac99f2808b9ff7bdce91b129539cb1ed30dd1458 (diff)
downloadnginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.gz
nginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.bz2
SSL: ngx_ssl_set_client_hello_callback() error handling.
The function interface is changed to follow the approach common to other functions used to set up SSL_CTX, with the exception of "ngx_conf_t *cf" since it is not bound to nginx configuration. This is required to report and propagate SSL_CTX_set_ex_data() errors, as reminded by Coverity (CID 1668589).
Diffstat (limited to 'src/event')
-rw-r--r--src/event/ngx_event_openssl.c25
-rw-r--r--src/event/ngx_event_openssl.h2
2 files changed, 20 insertions, 7 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 5175d7a7e..4f07894ff 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1872,21 +1872,34 @@ ngx_ssl_new_client_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
}
-void
-ngx_ssl_set_client_hello_callback(SSL_CTX *ssl_ctx,
- ngx_ssl_client_hello_arg *cb)
+ngx_int_t
+ngx_ssl_set_client_hello_callback(ngx_ssl_t *ssl, ngx_ssl_client_hello_arg *cb)
{
#ifdef SSL_CLIENT_HELLO_SUCCESS
- SSL_CTX_set_client_hello_cb(ssl_ctx, ngx_ssl_client_hello_callback, NULL);
- SSL_CTX_set_ex_data(ssl_ctx, ngx_ssl_client_hello_arg_index, cb);
+ SSL_CTX_set_client_hello_cb(ssl->ctx, ngx_ssl_client_hello_callback, NULL);
+
+ if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_client_hello_arg_index, cb) == 0)
+ {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_ex_data() failed");
+ return NGX_ERROR;
+ }
#elif defined OPENSSL_IS_BORINGSSL
SSL_CTX_set_select_certificate_cb(ssl_ctx, ngx_ssl_select_certificate);
- SSL_CTX_set_ex_data(ssl_ctx, ngx_ssl_client_hello_arg_index, cb);
+
+ if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_client_hello_arg_index, cb) == 0)
+ {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_ex_data() failed");
+ return NGX_ERROR;
+ }
#endif
+
+ return NGX_OK;
}
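Review bot: In the `#elif defined OPENSSL_IS_BORINGSSL` branch the unchanged context line `SSL_CTX_set_select_certificate_cb(ssl_ctx, ngx_ssl_select_certificate);` still names `ssl_ctx`, which is no longer a parameter after the signature change. As far as the hunk shows, a build that takes this branch would fail to compile, and the line should read `SSL_CTX_set_select_certificate_cb(ssl->ctx, ngx_ssl_select_certificate);`. Separately, the new `NGX_ERROR` return only helps if every caller checks it and stops configuration, because on failure the ClientHello callback is already registered on the context without its `cb` argument stored. The callers are outside this diff (it is limited to src/event), so that is worth confirming in the rest of the commit.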
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index ae0e173de..a156c4bb9 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -286,7 +286,7 @@ ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_array_t *paths);
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
-void ngx_ssl_set_client_hello_callback(SSL_CTX *ssl_ctx,
+ngx_int_t ngx_ssl_set_client_hello_callback(ngx_ssl_t *ssl,
ngx_ssl_client_hello_arg *cb);
#ifdef SSL_CLIENT_HELLO_SUCCESS
int ngx_ssl_client_hello_callback(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);