Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: SSL_CTX_set_tmp_dh() error handling.

Maxim Dounin
November 16, 2021 09:54AM
details: https://hg.nginx.org/nginx/rev/efbcecbe5805
branches: stable-1.20
changeset: 7959:efbcecbe5805
user: Sergey Kandaurov <pluknet@nginx.com>
date: Wed Aug 04 21:27:51 2021 +0300
description:
SSL: SSL_CTX_set_tmp_dh() error handling.

For example, it can fail due to weak DH parameters.

diffstat:

src/event/ngx_event_openssl.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)

diffs (18 lines):

diff -r 9b72da2b5b57 -r efbcecbe5805 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Aug 03 20:50:30 2021 +0300
+++ b/src/event/ngx_event_openssl.c Wed Aug 04 21:27:51 2021 +0300
@@ -1376,7 +1376,13 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
return NGX_ERROR;
}

- SSL_CTX_set_tmp_dh(ssl->ctx, dh);
+ if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
+ DH_free(dh);
+ BIO_free(bio);
+ return NGX_ERROR;
+ }

DH_free(dh);
BIO_free(bio);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: SSL_CTX_set_tmp_dh() error handling.

Maxim Dounin 71 November 16, 2021 09:54AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready