Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5365:6c35a1f428f2
SSL: clear error queue after SSL_CTX_load_verify_locations().
The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 04 Sep 2013 21:17:02 +0400 |
parents | 314c3d7cc3a5 |
children | a73678f5f96f |
comparison
equal
deleted
inserted
replaced
5364:941c5e3561ed | 5365:6c35a1f428f2 |
---|---|
361 "SSL_CTX_load_verify_locations(\"%s\") failed", | 361 "SSL_CTX_load_verify_locations(\"%s\") failed", |
362 cert->data); | 362 cert->data); |
363 return NGX_ERROR; | 363 return NGX_ERROR; |
364 } | 364 } |
365 | 365 |
366 /* | |
367 * SSL_CTX_load_verify_locations() may leave errors in the error queue | |
368 * while returning success | |
369 */ | |
370 | |
371 ERR_clear_error(); | |
372 | |
366 list = SSL_load_client_CA_file((char *) cert->data); | 373 list = SSL_load_client_CA_file((char *) cert->data); |
367 | 374 |
368 if (list == NULL) { | 375 if (list == NULL) { |
369 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 376 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
370 "SSL_load_client_CA_file(\"%s\") failed", cert->data); | 377 "SSL_load_client_CA_file(\"%s\") failed", cert->data); |
404 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 411 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
405 "SSL_CTX_load_verify_locations(\"%s\") failed", | 412 "SSL_CTX_load_verify_locations(\"%s\") failed", |
406 cert->data); | 413 cert->data); |
407 return NGX_ERROR; | 414 return NGX_ERROR; |
408 } | 415 } |
416 | |
417 /* | |
418 * SSL_CTX_load_verify_locations() may leave errors in the error queue | |
419 * while returning success | |
420 */ | |
421 | |
422 ERR_clear_error(); | |
409 | 423 |
410 return NGX_OK; | 424 return NGX_OK; |
411 } | 425 } |
412 | 426 |
413 | 427 |