SSL: SSL_CTX_set_tmp_dh() error handling.

For example, it can fail due to weak DH parameters.
This commit is contained in:
Sergey Kandaurov 2021-08-04 21:27:51 +03:00
parent 15769c3918
commit 02bd43d05b

View File

@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_ERROR; return NGX_ERROR;
} }
SSL_CTX_set_tmp_dh(ssl->ctx, dh); if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
DH_free(dh);
BIO_free(bio);
return NGX_ERROR;
}
DH_free(dh); DH_free(dh);
BIO_free(bio); BIO_free(bio);