#178 closed defect (fixed)
listen with ssl but missing ssl_certificate is not detected by nginx -t
| Reported by: | Gunnlaugur Þór Briem | Owned by: | somebody |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.2.x |
| Keywords: | Cc: | ||
| uname -a: | Linux stimpy.datamarket.net 2.6.26-2-amd64 #1 SMP Wed Sep 21 03:36:44 UTC 2011 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.2.1
built by gcc 4.3.2 (Debian 4.3.2-1.1) TLS SNI support enabled configure arguments: --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_stub_status_module |
||
Description
I just added the line:
listen 443 ssl;
to one of my extra (non-production) vhosts, but forgot to add the ssl_certificate and ssl_certificate_key.
That's my mistake. But nginx -t did not catch the mistake, and nginx -s reload did apply the changed configuration ... and our production site (which also has listen 443 ssl;) now failed all HTTPS requests with:
2012/06/15 17:21:35 [error] 18931#0: *2322994 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: xxx.xxx.xx.xxx, server: 0.0.0.0:443
Usually nginx does catch my config mistakes at parse time and thus prevents me from breaking things. I think it could and should have done so in this instance too.
Change History (7)
comment:1 by , 8 years ago
| sensitive: | → 0 |
|---|---|
| Status: | new → accepted |
comment:2 by , 8 years ago
Note:
See TracTickets
for help on using tickets.
See also #1073.