SSL3_CTX_CTRL:called a function you should not call

rbqdg9 nginx-forum at
Tue Mar 17 10:25:51 UTC 2015

Maxim Dounin Wrote:
> If you see problems with nginx 1.7.9, consider following hints 
> at
I think it will not help (at least if not did by anyone who really knows
both openssl and nginx internals).
the problem is quickly traceable to 

ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
        CERT    *cert;

        cert = ctx->cert;

        switch (cmd) {
        case SSL_CTRL_SET_TMP_RSA_CB:
(yes, this occurence, exactly)

inside libressl-2.1.3/ssl/s3_lib.c, and this function seems newer called by
nginx code directly and not supposed to be externally-called at all.
The pure openssl  have some pointer-magic in this place, dropped by libressl
developers (with the data structure itself, so no easy way to bring it

I think the only thing developers may do (if not willing to really
investigate and fix this issue) - just stop declaring nginx compatibility
with libressl. It not only  nonworking, but worse - it cleanly execute some
garbage instead of code.
(I have full system log of stack-protection mechanics trying to prevent

and yes, 1.7.10 still does the same. The problem itself does not appear on
any connection, just in some special cases, but easely reproduceable.

Posted at Nginx Forum:,256381,257313#msg-257313

More information about the nginx mailing list