diff options
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 12 | ||||
| -rw-r--r-- | src/event/ngx_event_openssl.h | 1 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index dfb816055..2eef87e5e 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1793,6 +1793,13 @@ ngx_ssl_handshake(ngx_connection_t *c) return NGX_ERROR; } + if (c->ssl->handshake_rejected) { + ngx_connection_error(c, err, "handshake rejected"); + ERR_clear_error(); + + return NGX_ERROR; + } + c->read->error = 1; ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed"); @@ -3354,8 +3361,9 @@ ngx_ssl_session_id_context(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, } } - if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL) { - + if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL + && certificates != NULL) + { /* * If certificates are loaded dynamically, we use certificate * names as specified in the configuration (with variables). diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 821bb13d1..329760d09 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -95,6 +95,7 @@ struct ngx_ssl_connection_s { u_char early_buf; unsigned handshaked:1; + unsigned handshake_rejected:1; unsigned renegotiation:1; unsigned buffer:1; unsigned no_wait_shutdown:1; |