Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7959:efbcecbe5805 stable-1.20
SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 04 Aug 2021 21:27:51 +0300 |
| parents | 9b72da2b5b57 |
| children | 37be19a3c0ee |
comparison
equal
deleted
inserted
replaced
| 7958:9b72da2b5b57 | 7959:efbcecbe5805 |
|---|---|
| 1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); | 1374 "PEM_read_bio_DHparams(\"%s\") failed", file->data); |
| 1375 BIO_free(bio); | 1375 BIO_free(bio); |
| 1376 return NGX_ERROR; | 1376 return NGX_ERROR; |
| 1377 } | 1377 } |
| 1378 | 1378 |
| 1379 SSL_CTX_set_tmp_dh(ssl->ctx, dh); | 1379 if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) { |
| 1380 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
| 1381 "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data); | |
| 1382 DH_free(dh); | |
| 1383 BIO_free(bio); | |
| 1384 return NGX_ERROR; | |
| 1385 } | |
| 1380 | 1386 |
| 1381 DH_free(dh); | 1387 DH_free(dh); |
| 1382 BIO_free(bio); | 1388 BIO_free(bio); |
| 1383 | 1389 |
| 1384 return NGX_OK; | 1390 return NGX_OK; |