Opened 5 years ago

Closed 5 years ago

#904 closed defect (invalid)

Servername without semi-colon won't throw an error when used with SSL

Reported by: buzzy.xtra@…
Owned by:
Priority: major
Milestone:
Component: nginx-core
Version: 1.8.x
Keywords: server_name semi-colon
Cc:
uname -a: Linux TS00 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.8.1
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,--as-needed' --with-ipv6

Description

Adding the following won't throw an error:

(note that server_name doesn't have the semi-colon)
server {
    listen 443;
    server_name xxx.yyy.zzz

    ssl on;
    ssl_certificate /example.crt;
    ssl_certificate_key /example.key;
    ssl_session_timeout 5m;

    location / {
        proxy_pass http://www.example.com;
    }
}

The above example will start nginx, only the server block won't work.
Without the SSL part it will give you an error as expected:

server {
    listen 443;
    server_name xxx.yyy.zzz

    location / {
        proxy_pass http://www.example.com;
    }
}

The error:
nginx: [emerg] directive "server_name" is not terminated by ";" in /etc/nginx/conf.d/default.conf:128

Change History (1)

comment:1 by Maxim Dounin, 5 years ago

Resolution: invalid
Status: new → closed

The problem is "ssl" and "on" are valid server names, and according to config file syntax nginx isn't able to find out if the semicolon is missing or not, as the resulting configuration without semicolon is perfectly valid. Compare:

server_name foo bar ssl on;
server_name foo bar; ssl on;

In the latter case the "{" is not allowed to be in the server_name unquoted, and so nginx is able to detect the error and complain.
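Because nginx accepts the first configuration, `ssl on` ends up as two extra server names and TLS is never enabled on the 443 listener, so a check outside nginx is needed to catch it. The following lint sketch is an added example, not part of the ticket or of nginx; the `DIRECTIVES` sample list and the function names are assumptions made for illustration.

```python
import re

# Assumption: a small sample of real nginx directive names; extend it for your configs.
DIRECTIVES = {"listen", "server_name", "ssl", "ssl_certificate", "ssl_certificate_key",
              "ssl_session_timeout", "root", "index", "return", "proxy_pass"}

# comment | double-quoted string | single-quoted string | punctuation | bare word
TOKEN = re.compile(r'''#[^\n]*|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[;{}]|[^\s;{}]+''')

# The SSL server block from the ticket, shortened (server_name has no ";").
TICKET_CONFIG = """\
server {
    listen 443;
    server_name xxx.yyy.zzz

    ssl on;
    ssl_certificate /example.crt;
    location / {
        proxy_pass http://www.example.com;
    }
}
"""

def tokenize(text):
    """Yield (token, line_number) pairs, skipping comments."""
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        if not tok.startswith("#"):
            yield tok, text.count("\n", 0, m.start()) + 1

def swallowed_directives(text):
    """Return (directive, line, swallowed_token, swallowed_line) for suspect directives."""
    findings, current = [], []
    for tok, line in tokenize(text):
        if tok in ("{", "}"):  # block boundary; nginx itself rejects a stray "{"
            current = []
        elif tok == ";":
            # An argument that starts a new line and is itself a directive name is suspect.
            for (_, prev_line), (arg, arg_line) in zip(current, current[1:]):
                if arg_line > prev_line and arg in DIRECTIVES:
                    findings.append((*current[0], arg, arg_line))
            current = []
        else:
            current.append((tok, line))
    return findings

if __name__ == "__main__":
    for name, start, arg, line in swallowed_directives(TICKET_CONFIG):
        print(f"line {start}: {name} takes '{arg}' (line {line}) as an argument; missing ';'?")
```

A multi-line `server_name` list of ordinary host names is not flagged; only a continuation line that begins with a known directive name is.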
