Stream: client SSL certificates were not checked in some cases. If ngx_stream_ssl_init_connection() succeeded immediately, the check was not done. The bug had appeared in 1.11.8 (41cb1b64561d).

commit: fc12029d300179ebf85d83287651d84170d9e670 [log] [tgz]
author: Vladimir Homutov <vl@nginx.com> Thu Jan 19 16:20:07 2017 +0300
committer: Vladimir Homutov <vl@nginx.com> Thu Jan 19 16:20:07 2017 +0300
tree: 3f9ffbdcc365005bbb1ecd3be21a8714e8bffba1
parent: b67ff2605be4ce2d01b205ffdba49da3382cddf2 [diff]
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
index 414d328..2f242b6 100644
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c

@@ -284,6 +284,7 @@
 {
     long                    rc;
     X509                   *cert;
+    ngx_int_t               rv;
     ngx_connection_t       *c;
     ngx_stream_ssl_conf_t  *sslcf;
 
@@ -305,7 +306,11 @@
             return NGX_ERROR;
         }
 
-        return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+        rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+
+        if (rv != NGX_OK) {
+            return rv;
+        }
     }
 
     if (sslcf->verify) {
commit	fc12029d300179ebf85d83287651d84170d9e670	[log] [tgz]
author	Vladimir Homutov <vl@nginx.com>	Thu Jan 19 16:20:07 2017 +0300
committer	Vladimir Homutov <vl@nginx.com>	Thu Jan 19 16:20:07 2017 +0300
tree	3f9ffbdcc365005bbb1ecd3be21a8714e8bffba1
parent	b67ff2605be4ce2d01b205ffdba49da3382cddf2 [diff]