#178 closed defect (fixed)
listen with ssl but missing ssl_certificate is not detected by nginx -t
Reported by: | Gunnlaugur Þór Briem | Owned by: | somebody |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.2.x |
Keywords: | Cc: | ||
uname -a: | Linux stimpy.datamarket.net 2.6.26-2-amd64 #1 SMP Wed Sep 21 03:36:44 UTC 2011 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.2.1
built by gcc 4.3.2 (Debian 4.3.2-1.1) TLS SNI support enabled configure arguments: --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_ssl_module --with-http_stub_status_module |
Description
I just added the line:
listen 443 ssl;
to one of my extra (non-production) vhosts, but forgot to add the ssl_certificate
and ssl_certificate_key
.
That's my mistake. But nginx -t
did not catch the mistake, and nginx -s reload
did apply the changed configuration ... and our production site (which also has listen 443 ssl;
) now failed all HTTPS requests with:
2012/06/15 17:21:35 [error] 18931#0: *2322994 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: xxx.xxx.xx.xxx, server: 0.0.0.0:443
Usually nginx does catch my config mistakes at parse time and thus prevents me from breaking things. I think it could and should have done so in this instance too.
Change History (6)
comment:1 by , 9 years ago
sensitive: | → 0 |
---|---|
Status: | new → accepted |
comment:2 by , 8 years ago
Note:
See TracTickets
for help on using tickets.
See also #1073.