SSL: using default server context in session remove (closes #1464).
This fixes segfault in configurations with multiple virtual servers sharing
the same port, where a non-default virtual server block misses certificate.
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 5668bf4..a2663f0 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1902,7 +1902,7 @@
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
- ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
@@ -1916,7 +1916,7 @@
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
- ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
index f6b26ed..bc3e6b9 100644
--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@@ -302,7 +302,7 @@
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
@@ -323,7 +323,7 @@
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 1e9973f..3e5a1f2 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -328,7 +328,7 @@
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
return NGX_ERROR;
}
@@ -340,7 +340,7 @@
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
- ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
+ ngx_ssl_remove_cached_session(c->ssl->session_ctx,
(SSL_get0_session(c->ssl->connection)));
return NGX_ERROR;
}