SSL: ngx_ssl_set_client_hello_callback() error handling.

The function interface is changed to follow a common approach to other functions used to setup SSL_CTX, with an exception of "ngx_conf_t *cf" since it is not bound to nginx configuration. This is required to report and propagate SSL_CTX_set_ex_data() errors, as reminded by Coverity (CID 1668589).
author: Sergey Kandaurov <pluknet@nginx.com> 2025-11-06 17:30:41 +0400
committer: Sergey Kandaurov <s.kandaurov@f5.com> 2025-11-10 20:01:28 +0400
commit: 38a701d88b14f0747003c4e893d9fb13f51639ca (patch)
tree: 02b6dc521ddb85247bde8a4387402a22da2547c2 /src/http/modules
parent: ac99f2808b9ff7bdce91b129539cb1ed30dd1458 (diff)
download: nginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.gz
nginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index dc82472d3..c71a5de08 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -758,7 +758,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     {
     static ngx_ssl_client_hello_arg cb = { ngx_http_ssl_servername };
 
-    ngx_ssl_set_client_hello_callback(conf->ssl.ctx, &cb);
+    if (ngx_ssl_set_client_hello_callback(&conf->ssl, &cb) != NGX_OK) {
+        return NGX_CONF_ERROR;
+    }
 
     if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
                                                ngx_http_ssl_servername)
author	Sergey Kandaurov <pluknet@nginx.com>	2025-11-06 17:30:41 +0400
committer	Sergey Kandaurov <s.kandaurov@f5.com>	2025-11-10 20:01:28 +0400
commit	38a701d88b14f0747003c4e893d9fb13f51639ca (patch)
tree	02b6dc521ddb85247bde8a4387402a22da2547c2 /src/http/modules
parent	ac99f2808b9ff7bdce91b129539cb1ed30dd1458 (diff)
download	nginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.gz nginx-38a701d88b14f0747003c4e893d9fb13f51639ca.tar.bz2