comparison src/event/ngx_event_openssl.c @ 5365:6c35a1f428f2

SSL: clear error queue after SSL_CTX_load_verify_locations(). The SSL_CTX_load_verify_locations() may leave errors in the error queue while returning success (e.g. if there are duplicate certificates in the file specified), resulting in "ignoring stale global SSL error" alerts later at runtime.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 04 Sep 2013 21:17:02 +0400
parents 314c3d7cc3a5
children a73678f5f96f
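--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -361,10 +361,17 @@
 "SSL_CTX_load_verify_locations(\"%s\") failed",
 cert->data);
 return NGX_ERROR;
 }
 
+/*
+* SSL_CTX_load_verify_locations() may leave errors in the error queue
+* while returning success
+*/
+
+ERR_clear_error();
+
 list = SSL_load_client_CA_file((char *) cert->data);
 
 if (list == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
@@ -404,10 +411,17 @@
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_load_verify_locations(\"%s\") failed",
 cert->data);
 return NGX_ERROR;
 }
+
+/*
+* SSL_CTX_load_verify_locations() may leave errors in the error queue
+* while returning success
+*/
+
+ERR_clear_error();
 
 return NGX_OK;
 }
 
 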
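Review bot: Both added `ERR_clear_error()` calls (new lines 371 and 422) discard whatever SSL_CTX_load_verify_locations() queued without recording it, so a problem in the CA or trusted-certificate file that OpenSSL tolerated is never shown to the operator at configuration time. The commit message names duplicate certificates as one cause; if other skipped entries can also end up in the queue (not visible here), the loaded trust store could be smaller than the file suggests with no log line saying so. Consider reporting the queue at a low severity before clearing it, for example `if (ERR_peek_error()) { ngx_ssl_error(NGX_LOG_WARN, ssl->log, 0, "SSL_CTX_load_verify_locations(\"%s\") left errors in the queue", cert->data); }`, and keep `ERR_clear_error()` after it in case the logger does not drain every entry. The enclosing functions start outside both hunks, so how the callers treat `ssl->log` output is not visible from this page.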