diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2019-04-15 19:13:09 +0300 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2019-04-15 19:13:09 +0300 |
commit | 5784889fb907485978919b91c2c7f6bf0c4843e3 (patch) | |
tree | 3cf7fcf23556b14a7c351ed9bc62d70e9742ec0c | |
parent | aaa1a5706033bd0e33de7beb237e52e2a19a3245 (diff) |
OCSP stapling: fixed segfault with dynamic certificate loading.
If OCSP stapling was enabled with dynamic certificate loading, with some
OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p,
1.1.0i, 1.1.1) a segmentation fault might happen.
The reason is that during an abbreviated handshake the certificate
callback is not called, but the certificate status callback was called
(https://github.com/openssl/openssl/issues/1662), leading to NULL being
returned from SSL_get_certificate().
Fix is to explicitly check SSL_get_certificate() result.
-rw-r--r-- | src/event/ngx_event_openssl_stapling.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index 7d0a1701f..c832aa0a2 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -511,6 +511,11 @@ ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data) rc = SSL_TLSEXT_ERR_NOACK; cert = SSL_get_certificate(ssl_conn); + + if (cert == NULL) { + return rc; + } + staple = X509_get_ex_data(cert, ngx_ssl_stapling_index); if (staple == NULL) { |