author | Sergey Kandaurov <pluknet@nginx.com> | 2021-08-04 21:27:51 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2021-08-04 21:27:51 +0300 |
commit | c2db2f8f2d8a1fe40d8ff9b1c256aad7362d13bb (patch) | |
tree | 002b5e01936a2447530fd2ab980e2e9086a43d8f | |
parent | a31869dfaf1aa7ad56eaa0eeb5275ee18699862c (diff) | |
download | nginx-c2db2f8f2d8a1fe40d8ff9b1c256aad7362d13bb.tar.gz |
SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters.
-rw-r--r-- | src/event/ngx_event_openssl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 60cc35876..2a0d0054f 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
 return NGX_ERROR;
 }

- SSL_CTX_set_tmp_dh(ssl->ctx, dh);
+ if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
+ DH_free(dh);
+ BIO_free(bio);
+ return NGX_ERROR;
+ }

 DH_free(dh);
 BIO_free(bio); |
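Review bot: The new failure branch around `SSL_CTX_set_tmp_dh()` has no comment explaining why a failed call must abort configuration, which is the security-relevant part of the change. Before this check a rejected parameter file was ignored without any log entry, so the server would presumably have started without the configured DH parameters. I would add above the `if`: `/* OpenSSL may reject the parameters (e.g. too weak); fail the config load instead of running without them */`. The message also passes `file->data` to `%s`, which relies on the string being NUL-terminated; that presumably holds because the same path is opened earlier in the function, but that code is outside the hunk. `ngx_ssl_dhparam()` starts and ends outside the hunk.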