SSL: SSL_CTX_set_tmp_dh() error handling.

For example, it can fail due to weak DH parameters.
author: Sergey Kandaurov <pluknet@nginx.com> 2021-08-04 21:27:51 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2021-08-04 21:27:51 +0300
commit: 02bd43d05b6f7803597d8453d9848b767dc4a323 (patch)
tree: 256b61d575a61596a2ac4dee58e6c7ba99828c5f
parent: 15769c3918578dfa601303afa40d7acf9c36e4d9 (diff)
download: nginx-02bd43d05b6f7803597d8453d9848b767dc4a323.tar.gz
nginx-02bd43d05b6f7803597d8453d9848b767dc4a323.tar.bz2
1 files changed, 7 insertions, 1 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 60cc35876..2a0d0054f 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
         return NGX_ERROR;
     }
 
-    SSL_CTX_set_tmp_dh(ssl->ctx, dh);
+    if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
+        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+                      "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
+        DH_free(dh);
+        BIO_free(bio);
+        return NGX_ERROR;
+    }
 
     DH_free(dh);
     BIO_free(bio);
author	Sergey Kandaurov <pluknet@nginx.com>	2021-08-04 21:27:51 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2021-08-04 21:27:51 +0300
commit	02bd43d05b6f7803597d8453d9848b767dc4a323 (patch)
tree	256b61d575a61596a2ac4dee58e6c7ba99828c5f
parent	15769c3918578dfa601303afa40d7acf9c36e4d9 (diff)
download	nginx-02bd43d05b6f7803597d8453d9848b767dc4a323.tar.gz nginx-02bd43d05b6f7803597d8453d9848b767dc4a323.tar.bz2