details: https://hg.nginx.org/nginx/rev/efbcecbe5805 branches: stable-1.20 changeset: 7959:efbcecbe5805 user: Sergey Kandaurov <pluk...@nginx.com> date: Wed Aug 04 21:27:51 2021 +0300 description: SSL: SSL_CTX_set_tmp_dh() error handling.
For example, it can fail due to weak DH parameters. diffstat: src/event/ngx_event_openssl.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diffs (18 lines):
diff -r 9b72da2b5b57 -r efbcecbe5805 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Aug 03 20:50:30 2021 +0300
+++ b/src/event/ngx_event_openssl.c Wed Aug 04 21:27:51 2021 +0300
@@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
 return NGX_ERROR;
 }
- SSL_CTX_set_tmp_dh(ssl->ctx, dh);
+ if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
+ DH_free(dh);
+ BIO_free(bio);
+ return NGX_ERROR;
+ }
 DH_free(dh);
 BIO_free(bio);
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
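Review bot: The new failure branch in ngx_ssl_dhparam() has no comment saying when SSL_CTX_set_tmp_dh() can fail, so a later reader may take it for dead defensive code. I would add `/* may fail, e.g. when the library rejects weak DH parameters */` directly above the `if`, using the reason already given in the commit description. Because the branch logs at NGX_LOG_EMERG and returns NGX_ERROR, a dhparam file whose rejection used to go unnoticed now presumably stops the configuration from loading. That is the safer outcome, but it is an operator-visible change worth a changelog line. The function begins and ends outside the hunk, so the caller's handling of NGX_ERROR is not visible here.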