
Conversation

bavshin-f5
Member

Plain HTTP connections are prohibited by the ACME specification, so we did not have this scenario in our test automation and overlooked the regression during the pre-release code cleanup. Nonetheless, some server implementations allow such a configuration and, more importantly, the HTTP client code should be useful as an example for other modules.


@Copilot Copilot AI left a comment


Pull Request Overview

This PR fixes a crash that occurs when attempting to verify SSL peer certificates on plain HTTP connections to ACME servers. The fix adds proper null checks to prevent calling SSL verification functions on non-SSL connections.

  • Added null check in verify_peer() to return an error instead of crashing when called on non-SSL connections
  • Modified HTTP client to only perform SSL verification when an SSL connection is actually established

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/net/peer_conn.rs | Added null check for SSL connection before attempting peer verification |
| src/net/http.rs | Added condition to only verify SSL peers when SSL is present |


Contributor

@xeioex xeioex left a comment


Looks good.

@bavshin-f5 bavshin-f5 merged commit 739eaa0 into nginx:main Sep 16, 2025
14 checks passed
@bavshin-f5 bavshin-f5 deleted the http-issuer branch September 16, 2025 00:24
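
The pattern described in the review above, as an added stand-alone example that is not code from this pull request or from the module: `PeerConn`, `TlsState`, `VerifyError` and `check_connection` are hypothetical names, and the `https://` fail-closed branch is an assumption added here so that skipping verification on plain HTTP cannot hide a missing TLS session on an HTTPS issuer.

```rust
#[derive(Debug, PartialEq)]
pub enum VerifyError {
    NotTls,                  // verification requested, but no TLS state exists
    NoPeerCertificate,       // TLS negotiated, peer sent no certificate
    Untrusted(&'static str), // chain validation failed, with the reason
}

/// Hypothetical stand-in for the TLS state attached to a connection.
pub struct TlsState {
    pub peer_cert_present: bool,
    pub verify_result: Result<(), &'static str>,
}

/// Hypothetical connection; `tls` is None for plain HTTP (models a null SSL pointer).
pub struct PeerConn {
    pub tls: Option<TlsState>,
}

impl PeerConn {
    /// Returns an error instead of touching TLS state that does not exist.
    pub fn verify_peer(&self) -> Result<(), VerifyError> {
        let tls = self.tls.as_ref().ok_or(VerifyError::NotTls)?;
        if !tls.peer_cert_present {
            return Err(VerifyError::NoPeerCertificate);
        }
        tls.verify_result.map_err(VerifyError::Untrusted)
    }
}

/// Caller side: verify only when TLS is present, but fail closed when the
/// issuer URI asked for https and the connection carries no TLS state.
pub fn check_connection(uri: &str, conn: &PeerConn) -> Result<(), VerifyError> {
    let wants_tls = uri.to_ascii_lowercase().starts_with("https://");
    match (wants_tls, conn.tls.is_some()) {
        (_, true) => conn.verify_peer(),
        (true, false) => Err(VerifyError::NotTls),
        (false, false) => Ok(()), // plain http:// issuer: nothing to verify
    }
}

fn main() {
    // Constructed sample connections and URIs.
    let plain = PeerConn { tls: None };
    let tls = PeerConn { tls: Some(TlsState { peer_cert_present: true, verify_result: Ok(()) }) };
    println!("{:?}", plain.verify_peer());
    println!("{:?}", check_connection("http://acme.example/directory", &plain));
    println!("{:?}", check_connection("https://acme.example/directory", &tls));
}
```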