# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1548952611 -10800
# Node ID e72c8a8a8b1036d18975059677fe8be2e229610e
# Parent  873150addfebbb848cf189b113ce69f5a20c07f3
SSL: separate checks for errors in ngx_ssl_read_password_file().

Checking multiple errors at once is a bad practice, as in general
it is not guaranteed that an object can be used after the error.
In this particular case, checking errors after multiple allocations
can result in excessive errors being logged when there is no memory
available.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -947,10 +947,13 @@ ngx_ssl_read_password_file(ngx_conf_t *c
         return NULL;
     }
 
+    passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
+    if (passwords == NULL) {
+        return NULL;
+    }
+
     cln = ngx_pool_cleanup_add(cf->temp_pool, 0);
-    passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
-
-    if (cln == NULL || passwords == NULL) {
+    if (cln == NULL) {
         return NULL;
     }