Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.

Previous Message Next Message
Forum List Message List New Topic Print View
Sergey Kandaurov
January 17, 2022 09:30AM
details: https://hg.nginx.org/nginx/rev/aeab41dfd260
branches:
changeset: 7994:aeab41dfd260
user: Sergey Kandaurov <pluknet@nginx.com>
date: Mon Jan 17 17:05:12 2022 +0300
description:
SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.

The behaviour was changed in OpenSSL 3.0.1:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bf17b7b

diffstat:

src/event/ngx_event_openssl.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diffs (13 lines):

diff -r 96ae8e57b3dd -r aeab41dfd260 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Jan 11 02:23:49 2022 +0300
+++ b/src/event/ngx_event_openssl.c Mon Jan 17 17:05:12 2022 +0300
@@ -1383,6 +1383,9 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data);
+#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL)
+ EVP_PKEY_free(dh);
+#endif
BIO_free(bio);
return NGX_ERROR;
}
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Reply Quote
RSS
Subject Author Views Posted

[nginx] SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.

Sergey Kandaurov 311 January 17, 2022 09:30AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 278
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready