```c
ngx_int_t
ngx_ssl_handshake(ngx_connection_t *c)
{
int n, sslerr;
ngx_err_t err;
ngx_int_t rc;
#ifdef SSL_READ_EARLY_DATA_SUCCESS
if (c->ssl->try_early_data) {
return ngx_ssl_try_early_data(c);
}
#endif
if (c->ssl->in_ocsp) {
return ngx_ssl_ocsp_validate(c);
}
ngx_ssl_clear_error(c->log);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
SSL_CTX_set_client_hello_cb(c->ssl->session_ctx, ngx_SSL_early_cb_fn, c);
#endif
```

```c
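/*
 * ClientHello callback: records the list of TLS extension types offered by
 * the client in c->ssl->extensions / c->ssl->extensions_size.
 *
 * The connection is looked up from the SSL object with
 * ngx_ssl_get_connection(s) and "arg" is deliberately ignored.  The callback
 * is installed with SSL_CTX_set_client_hello_cb(), i.e. on the SSL_CTX, so a
 * connection pointer stored as "arg" is not tied to the handshake being
 * processed: it can refer to a connection whose pool has already been
 * released, and allocating from that pool is a use-after-free.
 *
 * The copied list is allocated from c->pool; the array returned by OpenSSL
 * is released with OPENSSL_free() before returning.
 *
 * Always returns 1 so the handshake proceeds; on any failure the extension
 * list is simply left empty (extensions == NULL, extensions_size == 0).
 */
int
ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg)
{
    int               *ext_out;
    size_t             ext_len;
    ngx_connection_t  *c;

    /* per-SSL lookup; never trust the SSL_CTX-wide "arg" for this */
    c = ngx_ssl_get_connection(s);

    if (c == NULL || c->ssl == NULL) {
        return 1;
    }

    /* reset first so every early return leaves a consistent empty list */
    c->ssl->extensions_size = 0;
    c->ssl->extensions = NULL;

    ext_out = NULL;
    ext_len = 0;

    if (!SSL_client_hello_get1_extensions_present(s, &ext_out, &ext_len)) {
        return 1;
    }

    if (ext_out != NULL && ext_len != 0) {
        c->ssl->extensions = ngx_palloc(c->pool, sizeof(int) * ext_len);

        /* on allocation failure the list stays empty */
        if (c->ssl->extensions != NULL) {
            c->ssl->extensions_size = ext_len;
            ngx_memcpy(c->ssl->extensions, ext_out, sizeof(int) * ext_len);
        }
    }

    /* ext_out is owned by the caller once the call succeeded; NULL is fine */
    OPENSSL_free(ext_out);

    return 1;
}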
```

The core dump is probably caused by `c->ssl->extensions = ngx_palloc(c->pool, sizeof(int) * ext_len);`: the connection's pool has already been released by the time the callback runs.
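Solution:
Do not pass the connection through the `arg` parameter of `SSL_CTX_set_client_hello_cb`. The callback and its argument are set on the `SSL_CTX` rather than on a single connection, so the stored `c` can presumably still be handed to the callback after that connection has been freed. In `ngx_SSL_early_cb_fn`, obtain the connection with nginx's built-in `c = ngx_ssl_get_connection(s)` instead; this solves the core dump.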