diff --git a/lib/http2/ssl-http2.c b/lib/http2/ssl-http2.c index 05d69536..f80b95e5 100644 --- a/lib/http2/ssl-http2.c +++ b/lib/http2/ssl-http2.c @@ -103,6 +103,9 @@ int lws_h2_configure_if_upgraded(struct lws *wsi) char cstr[10]; unsigned len; + if (!wsi->ssl) + return 0; + SSL_get0_alpn_selected(wsi->ssl, &name, &len); if (!len) { lwsl_info("no ALPN upgrade\n"); diff --git a/lib/server/ssl-server.c b/lib/server/ssl-server.c index 3e6ed96b..30e4a173 100644 --- a/lib/server/ssl-server.c +++ b/lib/server/ssl-server.c @@ -207,6 +207,11 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) wsi->use_ssl = 0; lws_tls_server_abort_connection(wsi); + /* + * care... this creates wsi with no ssl + * when ssl is enabled and normally + * mandatory + */ wsi->ssl = NULL; if (lws_check_opt(context->options, LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS)) @@ -280,7 +285,7 @@ accepted: /* adapt our vhost to match the SNI SSL_CTX that was chosen */ vh = context->vhost_list; while (vh) { - if (!vh->being_destroyed && + if (!vh->being_destroyed && wsi->ssl && vh->ssl_ctx == lws_tls_ctx_from_wsi(wsi)) { lwsl_info("setting wsi to vh %s\n", vh->name); wsi->vhost = vh; diff --git a/lib/tls/mbedtls/ssl.c b/lib/tls/mbedtls/ssl.c index 10c03884..55325448 100644 --- a/lib/tls/mbedtls/ssl.c +++ b/lib/tls/mbedtls/ssl.c @@ -295,6 +295,9 @@ lws_ssl_context_destroy(struct lws_context *context) lws_tls_ctx * lws_tls_ctx_from_wsi(struct lws *wsi) { + if (!wsi->ssl) + return NULL; + return SSL_get_SSL_CTX(wsi->ssl); } diff --git a/lib/tls/openssl/ssl.c b/lib/tls/openssl/ssl.c index faef7e7e..a6c47984 100644 --- a/lib/tls/openssl/ssl.c +++ b/lib/tls/openssl/ssl.c @@ -456,6 +456,9 @@ lws_ssl_context_destroy(struct lws_context *context) lws_tls_ctx * lws_tls_ctx_from_wsi(struct lws *wsi) { + if (!wsi->ssl) + return NULL; + return SSL_get_SSL_CTX(wsi->ssl); }