Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7892:34a3a1a2d197
SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 04 Aug 2021 21:27:51 +0300 |
parents | 573bd30e46b4 |
children | 37be19a3c0ee |
comparison
equal
deleted
inserted
replaced
7891:573bd30e46b4 | 7892:34a3a1a2d197 |
---|---|
1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); | 1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); |
1375 BIO_free(bio); | 1375 BIO_free(bio); |
1376 return NGX_ERROR; | 1376 return NGX_ERROR; |
1377 } | 1377 } |
1378 | 1378 |
1379 SSL_CTX_set_tmp_dh(ssl->ctx, dh); | 1379 if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) { |
1380 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
1381 "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data); | |
1382 DH_free(dh); | |
1383 BIO_free(bio); | |
1384 return NGX_ERROR; | |
1385 } | |
1380 | 1386 |
1381 DH_free(dh); | 1387 DH_free(dh); |
1382 BIO_free(bio); | 1388 BIO_free(bio); |
1383 | 1389 |
1384 return NGX_OK; | 1390 return NGX_OK; |