Opened 8 years ago
Closed 8 years ago
#904 closed defect (invalid)
Servername without semi-colon won't throw an error when used with SSL
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.8.x |
| Keywords: | server_name semi-colon | Cc: | |
| uname -a: | Linux TS00 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.8.1
built by gcc 4.9.2 (Debian 4.9.2-10) built with OpenSSL 1.0.1k 8 Jan 2015 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed' --with-ipv6 |
||
Description
Adding the following won't throw an error:
(note that server_name doesn't have the semi-colon)
server {
listen 443;
server_name xxx.yyy.zzz
ssl on;
ssl_certificate /example.crt;
ssl_certificate_key /example.key;
ssl_session_timeout 5m;
location / {
proxy_pass http://www.example.com;
}
}
the above example will start nginx only the server block won't work.
Without the SSL part it will give you an error as expected:
server {
listen 443;
server_name xxx.yyy.zzz
location / {
proxy_pass http://www.example.com;
}
}
The error:
nginx: [emerg] directive "server_name" is not terminated by ";" in /etc/nginx/conf.d/default.conf:128
The problem is "ssl" and "on" are valid server names, and according to config file syntax nginx isn't able to find out if the semicolon is missing or not, as the resulting configuration without semicolon is perfectly valid. Compare:
In the later case the "{" is not allowed to be in the server_name unquoted, and so nginx is able to detect the error and complain.