[nginx] SSL: clear error queue after OPENSSL_init_ssl().
Sergey Kandaurov
pluknet at nginx.com
Mon Feb 6 15:41:25 UTC 2017
details: http://hg.nginx.org/nginx/rev/5cb85b0ee00b
branches:
changeset: 6902:5cb85b0ee00b
user: Sergey Kandaurov <pluknet at nginx.com>
date: Mon Feb 06 18:38:06 2017 +0300
description:
SSL: clear error queue after OPENSSL_init_ssl().
The function may leave an error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f
Notably, this fixes an alert seen with statically linked OpenSSL on some platforms.
While here, check OPENSSL_init_ssl() return value.
diffstat:
src/event/ngx_event_openssl.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diffs (22 lines):
diff -r 72bb626484a4 -r 5cb85b0ee00b src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Feb 02 20:29:16 2017 +0300
+++ b/src/event/ngx_event_openssl.c Mon Feb 06 18:38:06 2017 +0300
@@ -121,7 +121,17 @@ ngx_ssl_init(ngx_log_t *log)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100003L
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+ if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {
+ ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");
+ return NGX_ERROR;
+ }
+
+ /*
+ * OPENSSL_init_ssl() may leave errors in the error queue
+ * while returning success
+ */
+
+ ERR_clear_error();
#else
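Review bot: the unconditional ERR_clear_error() on the success path of ngx_ssl_init() discards whatever OPENSSL_init_ssl() queued without recording it, so any queued entry other than the benign one the commit message describes disappears silently. Consider logging the queued errors at a low severity before clearing them. The new comment would also be more useful if it named the known trigger from the commit message (OpenSSL 1.1.0d taking a DSO reference to itself), so the reason for the clear stays in the source and not only in the changeset description. The added return-value check, with its NGX_LOG_ALERT message and return NGX_ERROR, reads fine as written.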