Hello! I have a couple of questions regarding the two last comments:
On Wed, Aug 21, 2013 at 5:30 PM, Maxim Dounin <[email protected]> wrote: > Hello! > [..] >> @@ -3748,6 +3786,13 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n >> != NGX_OK) >> { >> return NGX_ERROR; >> + } >> + >> + if (ngx_ssl_set_verify_options(plcf->upstream.ssl, >> + &plcf->upstream.ssl_certificate, plcf->upstream.ssl_verify_depth) >> + != NGX_OK) >> + { >> + return NGX_ERROR; >> } > > This is called before options used are correctly set. Where do you think this call should be performed? Should we add a postconfiguration callback for the proxy module from which this would be called? (BTW, I'll remove ngx_ssl_set_verify_options() and use ngx_ssl_trusted_certificate() directly instead, as it is better) > > (There is also a style problem here, but it doesn't really matter > as you'll have to rewrite the code anyway.) > > [...] > >> @@ -1334,6 +1341,11 @@ ngx_http_upstream_ssl_handshake(ngx_conn >> >> ngx_http_upstream_send_request(r, u); >> >> + c = r->connection; >> + >> +fail: >> + ngx_http_run_posted_requests(c); >> + >> return; >> } >> > > You probably missed my previous comment. You have a use after > free problem here. Try triggering an error in > ngx_http_upstream_send_request() with NGX_DEBUG_MALLOC defined, it > should segfault. You're right, I've missed it... Should we check before ngx_http_send_request() is called whether or not the request has a parent request, and accordingly decide later whether to call ngx_http_run_posted_requests() or not? > > [...] > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel Best regrads, Aviram _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
