From 38a701d88b14f0747003c4e893d9fb13f51639ca Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov
Date: Thu, 6 Nov 2025 17:30:41 +0400
Subject: SSL: ngx_ssl_set_client_hello_callback() error handling.

The function interface is changed to follow a common approach to other functions used to setup SSL_CTX, with an exception of "ngx_conf_t *cf" since it is not bound to nginx configuration. This is required to report and propagate SSL_CTX_set_ex_data() errors, as reminded by Coverity (CID 1668589).
---
 src/stream/ngx_stream_ssl_module.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src/stream/ngx_stream_ssl_module.c')
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index b4a722a68..6a5160f27 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -1008,7 +1008,9 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 {
 static ngx_ssl_client_hello_arg cb = { ngx_stream_ssl_servername };
- ngx_ssl_set_client_hello_callback(conf->ssl.ctx, &cb);
+ if (ngx_ssl_set_client_hello_callback(&conf->ssl, &cb) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
 SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, ngx_stream_ssl_servername);
-- cgit
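Review bot: The new `return NGX_CONF_ERROR;` after `ngx_ssl_set_client_hello_callback(&conf->ssl, &cb)` logs nothing at the call site, so a failed configuration load is only explained if the callee reports the SSL_CTX_set_ex_data() error itself. The callee is not in this file-limited view, so that is worth confirming against the rest of the commit. It would also help to document why `cb` is `static`: its address is presumably kept in the SSL_CTX and read back during the handshake, so it has to outlive this function, e.g. `/* stored by pointer in SSL_CTX ex_data; needs static storage duration */`. The body of ngx_stream_ssl_merge_srv_conf() starts and ends outside the hunk, so any cleanup of `conf->ssl` on this early return cannot be checked from here.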