Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7959:efbcecbe5805 stable-1.20
SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 04 Aug 2021 21:27:51 +0300 |
parents | 9b72da2b5b57 |
children | 37be19a3c0ee |
comparison
equal
deleted
inserted
replaced
7958:9b72da2b5b57 | 7959:efbcecbe5805 |
---|---|
1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); | 1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); |
1375 BIO_free(bio); | 1375 BIO_free(bio); |
1376 return NGX_ERROR; | 1376 return NGX_ERROR; |
1377 } | 1377 } |
1378 | 1378 |
1379 SSL_CTX_set_tmp_dh(ssl->ctx, dh); | 1379 if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) { |
1380 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
1381 "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data); | |
1382 DH_free(dh); | |
1383 BIO_free(bio); | |
1384 return NGX_ERROR; | |
1385 } | |
1380 | 1386 |
1381 DH_free(dh); | 1387 DH_free(dh); |
1382 BIO_free(bio); | 1388 BIO_free(bio); |
1383 | 1389 |
1384 return NGX_OK; | 1390 return NGX_OK; |