Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6902:5cb85b0ee00b
SSL: clear error queue after OPENSSL_init_ssl().
The function may leave error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f
Notably, this fixes alert seen with statically linked OpenSSL on some platforms.
While here, check OPENSSL_init_ssl() return value.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 06 Feb 2017 18:38:06 +0300 |
| parents | 75e7d55214bd |
| children | 08dc60979133 |
comparison
equal
deleted
inserted
replaced
| 6901:72bb626484a4 | 6902:5cb85b0ee00b |
|---|---|
| 119 ngx_int_t | 119 ngx_int_t |
| 120 ngx_ssl_init(ngx_log_t *log) | 120 ngx_ssl_init(ngx_log_t *log) |
| 121 { | 121 { |
| 122 #if OPENSSL_VERSION_NUMBER >= 0x10100003L | 122 #if OPENSSL_VERSION_NUMBER >= 0x10100003L |
| 123 | 123 |
| 124 OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); | 124 if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) { |
| 125 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed"); | |
| 126 return NGX_ERROR; | |
| 127 } | |
| 128 | |
| 129 /* | |
| 130 * OPENSSL_init_ssl() may leave errors in the error queue | |
| 131 * while returning success | |
| 132 */ | |
| 133 | |
| 134 ERR_clear_error(); | |
| 125 | 135 |
| 126 #else | 136 #else |
| 127 | 137 |
| 128 OPENSSL_config(NULL); | 138 OPENSSL_config(NULL); |
| 129 | 139 |