Mercurial > hg > nginx-quic
changeset 6902:5cb85b0ee00b
SSL: clear error queue after OPENSSL_init_ssl().
The function may leave error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f
Notably, this fixes alert seen with statically linked OpenSSL on some platforms.
While here, check OPENSSL_init_ssl() return value.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 06 Feb 2017 18:38:06 +0300 |
parents | 72bb626484a4 |
children | 92e771de7d89 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 11 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -121,7 +121,17 @@ ngx_ssl_init(ngx_log_t *log) { #if OPENSSL_VERSION_NUMBER >= 0x10100003L - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed"); + return NGX_ERROR; + } + + /* + * OPENSSL_init_ssl() may leave errors in the error queue + * while returning success + */ + + ERR_clear_error(); #else