authorSergey Kandaurov <pluknet@nginx.com>2015-12-08 16:59:43 +0300
committerSergey Kandaurov <pluknet@nginx.com>2015-12-08 16:59:43 +0300
commit79fcf261d0b50c03ae2780b5588b59ed2eb7ad88 (patch)
treefb93f82fc31a4ab5c623a004f63fd9edcb6ba4c7
parent1be1e1133543dae1e3b99fc5708a0d67eaa1fd20 (diff)
SSL: fixed possible segfault on renegotiation (ticket #845).
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation. Do nothing in SNI callback as in this case it will be supplied with request in c->data which isn't expected and doesn't work this way. This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
-rw-r--r--src/http/ngx_http_request.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index b68a13d3..99e93250 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -837,6 +837,10 @@ ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
c = ngx_ssl_get_connection(ssl_conn);
+ if (c->ssl->renegotiation) {
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"SSL server name: \"%s\"", servername);
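Review bot: The early return on `c->ssl->renegotiation` carries no comment, and the reason for it only exists in the commit description: during renegotiation `c->data` holds the request rather than what this callback expects, so nothing after the check may run. I would put `/* renegotiation: c->data holds the request here, not what this callback expects; ignore SNI */` directly above the `if`. The guard is only as good as the `renegotiation` flag, which is set outside this hunk; it is worth confirming that it is already set when the library invokes this callback for the second ClientHello on the OpenSSL master and LibreSSL builds the description names. The return also comes before the `ngx_log_debug1` call, so a server name sent during renegotiation leaves no debug trace, which may matter when investigating such connections. The body of ngx_http_ssl_servername starts and ends outside the hunk.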