Diffstat (limited to '')
-rw-r--r-- | docs/changes.xml | 8 | ||||
-rw-r--r-- | src/nxt_openssl.c | 10 |
2 files changed, 13 insertions, 5 deletions
diff --git a/docs/changes.xml b/docs/changes.xml
index 2aa9bb65..634bf9cd 100644
--- a/docs/changes.xml
+++ b/docs/changes.xml
@@ -45,6 +45,14 @@ process and thread lifecycle hooks in Ruby.
 <change type="bugfix">
 <para>
+TLS connection was rejected for configuration with more than one
+certificate bundle in a listener if a client did not use SNI.
+</para>
+</change>
+
+
+<change type="bugfix">
+<para>
 the router process could crash on TLS connection open when multiple listeners with TLS certificate configured; the bug had appeared in 1.23.0.
 </para>
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
index 3b5d4fda..297e11cf 100644
--- a/src/nxt_openssl.c
+++ b/src/nxt_openssl.c
@@ -804,15 +804,15 @@ nxt_openssl_servername(SSL *s, int *ad, void *arg)
 }
 servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (nxt_slow_path(servername == NULL)) {
- nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned "
- "NULL in server name callback");
- return SSL_TLSEXT_ERR_ALERT_FATAL;
+
+ if (servername == NULL) {
+ nxt_debug(c->socket.task, "SSL_get_servername(): NULL");
+ goto done;
 }
 str.length = nxt_strlen(servername);
 if (str.length == 0) {
- nxt_debug(c->socket.task, "client sent zero-length server name");
+ nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty");
 goto done;
 }
|
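Review bot: The new `servername == NULL` branch in nxt_openssl_servername() does not say which certificate a client without SNI is served. The `goto done` presumably ends the callback successfully and leaves the connection on whatever certificate was already selected, but the `done` label and the rest of the function are outside this hunk, so that should be confirmed. I would add a comment above the `goto done`, for example `/* No SNI from the client: not an error, continue with the certificate already selected for this connection. */`, and state in the listener documentation which bundle that is when several are configured. Lowering the message from NXT_LOG_ALERT to nxt_debug is appropriate for a condition that a remote client controls. As a style point, the reworded `SSL_get_servername(): \"\" is empty` is harder to read in a log than the previous `client sent zero-length server name`.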