Mercurial > hg > nginx-quic
changeset 8566:34a3a1a2d197
SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 04 Aug 2021 21:27:51 +0300 |
parents | 573bd30e46b4 |
children | 7a6afd584eb4 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 7 insertions(+), 1 deletions(-) |
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_ return NGX_ERROR; } - SSL_CTX_set_tmp_dh(ssl->ctx, dh); + if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) { + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, + "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data); + DH_free(dh); + BIO_free(bio); + return NGX_ERROR; + } DH_free(dh); BIO_free(bio);
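Review bot: the new failure branch in ngx_ssl_dhparam() returns NGX_ERROR and logs at NGX_LOG_EMERG where the removed line ignored the result of SSL_CTX_set_tmp_dh(), so a dhparam file that was previously accepted without complaint is now rejected, and the commit message should state that change in behaviour explicitly rather than only noting that the call "can fail due to weak DH parameters". As a style point, the branch repeats the `DH_free(dh);` and `BIO_free(bio);` pair that follows on the success path. Storing the result of the call, freeing both objects once, and then testing the stored result would keep a single cleanup sequence and avoid the two copies drifting apart if another resource is added later.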