Thanks to visit codestin.com
Credit goes to github.com

Skip to content

SSL: changed interface of ngx_ssl_set_client_hello_callback(). #968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

SSL: changed interface of ngx_ssl_set_client_hello_callback(). #968

wants to merge 1 commit into from
+26 −9

Conversation

@pluknet
Copy link
Contributor

@pluknet pluknet commented Nov 6, 2025

The function interface is changed to use a standard approach of "ngx_int_t func(.., ngx_ssl_t *ssl, ..)" similar to other functions used to setup SSL_CTX, with the exception that "ngx_conf_t *cf" is omitted for simplicity as it is not bound to nginx configuration.

This is required to properly handle and report SSL_CTX_set_ex_data() errors, as reminded by Coverity (CID 1668589).

@pluknet
SSL: changed interface of ngx_ssl_set_client_hello_callback().
9e9b996 
The function interface is changed to use a standard approach of
"ngx_int_t func(.., ngx_ssl_t *ssl, ..)" similar to other functions
used to setup SSL_CTX, with the exception that "ngx_conf_t *cf" is
omitted for simplicity as it is not bound to nginx configuration.

This is required to properly handle and report SSL_CTX_set_ex_data()
errors, as reminded by Coverity (CID 1668589).
@pluknet pluknet added this to the nginx-1.29.4 milestone Nov 6, 2025
@pluknet pluknet requested a review from bavshin-f5 November 6, 2025 13:48
@pluknet pluknet self-assigned this Nov 6, 2025
@pluknet pluknet added the bug label Nov 6, 2025
@pluknet
Copy link
Contributor Author

pluknet commented Nov 6, 2025

@bavshin-f5
ngx_ssl_set_client_hello_callback() is a configuration helper, it should not be used in 3rd-party modules.
It is not used in nginx-acme, for instance, according to my records.
Still you might be interested to take a look.

bavshin-f5
bavshin-f5 approved these changes Nov 6, 2025
View reviewed changes
Copy link
Member

@bavshin-f5 bavshin-f5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

IMO, the commit message reads a bit backwards, because you fixed missing error handling for SSL_CTX_set_ex_data() and, as a result, changed the interface. It's still perfectly clear, though, so I don't insist on rewording.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bavshin-f5 bavshin-f5 bavshin-f5 approved these changes

Assignees

@pluknet pluknet

Labels

bug

Projects

None yet

Milestone

nginx-1.29.4

Development

Successfully merging this pull request may close these issues.

2 participants

@pluknet @bavshin-f5