Skip to content

Commit

Permalink
SSL: clear error queue after OPENSSL_init_ssl().
Browse files Browse the repository at this point in the history 
The function may leave error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f

Notably, this fixes alert seen with statically linked OpenSSL on some platforms.

While here, check OPENSSL_init_ssl() return value.
  • Loading branch information
@pluknet
pluknet committed Feb 6, 2017
1 parent 4abafc8 commit 9af7dc2
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion src/event/ngx_event_openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,17 @@ ngx_ssl_init(ngx_log_t *log)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100003L

OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {
ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");
return NGX_ERROR;
}

/*
* OPENSSL_init_ssl() may leave errors in the error queue
* while returning success
*/

ERR_clear_error();

#else

Expand Down

0 comments on commit 9af7dc2

Please sign in to comment.