From f909a7dc331621a8638ea46056e437b8be1496da Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Thu, 27 Feb 2020 19:03:21 +0300
Subject: [PATCH] Disabled connection reuse while in SSL handshake.

During SSL handshake, the connection could be reused in the OCSP stapling
callback, if configured, which subsequently leads to a segmentation fault.
---
 src/http/ngx_http_request.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 99fa6967d..bb69e71d0 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -748,6 +748,8 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
                 return;
             }
 
+            ngx_reusable_connection(c, 0);
+
             rc = ngx_ssl_handshake(c);
 
             if (rc == NGX_AGAIN) {
@@ -756,8 +758,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
                     ngx_add_timer(rev, c->listening->post_accept_timeout);
                 }
 
-                ngx_reusable_connection(c, 0);
-
                 c->ssl->handler = ngx_http_ssl_handshake_handler;
                 return;
             }