# HG changeset patch
# User Sergey Kandaurov
# Date 1628101671 -10800
# Node ID 34a3a1a2d197bc687a8f0b14204b7a92cbd4deb8
# Parent 573bd30e46b475669c5fa007ad9e5a175a89a3ea
SSL: SSL_CTX_set_tmp_dh() error handling.

For example, it can fail due to weak DH parameters.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
 return NGX_ERROR;
 }
- SSL_CTX_set_tmp_dh(ssl->ctx, dh);
+ if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
+ DH_free(dh);
+ BIO_free(bio);
+ return NGX_ERROR;
+ }
 DH_free(dh);
 BIO_free(bio);
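Review bot: The new failure branch around `SSL_CTX_set_tmp_dh()` carries no comment saying why the call can fail; the reason (weak DH parameters) is recorded only in the commit message. A one-line comment above the `if`, for example `/* OpenSSL may reject the parameters, e.g. when they are too weak; fail the configuration rather than continue without them */`, would make the fail-closed intent visible in the code and make it less likely that a later cleanup removes the check. ngx_ssl_dhparam starts and ends outside the hunk, so this is based only on the lines shown.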