Google Git
Sign in
nginx/nginx/6000f4ad6d1e5ea69b3e0925217d08401a3d1774^!/.
commit
6000f4ad6d1e5ea69b3e0925217d08401a3d1774
[log]
author
Valentin Bartenev <vbart@nginx.com>
Wed Feb 27 17:38:54 2013 +0000
committer
Valentin Bartenev <vbart@nginx.com>
Wed Feb 27 17:38:54 2013 +0000
tree
36a96b5002438cb52da3a736362c0f8accbaa3e7
parent
f61612532cb53e89cd6b27d24c9112a07021b6e3 [diff]
SNI: reset to default server if requested host was not found.

Not only this is consistent with a case without SNI, but this also
prevents abusing configurations that assume that the $host variable
is limited to one of the configured names for a server.

An example of potentially unsafe configuration:

  server {
      listen 443 ssl default_server;
      ...
  }

  server {
      listen 443;
      server_name example.com;

      location / {
          proxy_pass http://$host;
      }
  }

Note: it is possible to negotiate "example.com" by SNI, and to request
arbitrary host name that does not exist in the configuration above.

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 44c5009..bb4caca 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c

@@ -1869,6 +1869,17 @@
         return NGX_ERROR;
     }
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+    if (hc->ssl_servername) {
+        if (rc == NGX_DECLINED) {
+            cscf = hc->addr_conf->default_server;
+            rc = NGX_OK;
+        }
+    }
+
+#endif
+
     if (rc == NGX_DECLINED) {
         return NGX_OK;
     }