mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 14:21:25 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: clear the SSL errors on DH loading failure

Browse Source 
In ssl_sock_load_dh_params(), if haproxy failed to apply the dhparam
with SSL_CTX_set_tmp_dh(), it will apply the DH with
SSL_CTX_set_dh_auto().

The problem is that we don't clean the OpenSSL errors when leaving this
function so it could fail to load the certificate, even if it's only a
warning.

Fixes bug #483.

Must be backported in 2.1.
This commit is contained in:
William Lallemand 2020-02-05 11:46:33 +01:00 committed by William Lallemand
parent be9b00f992
commit 4dd145a888
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/ssl_sock.c
View File

@ -3094,6 +3094,7 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
} }
end: end:
ERR_clear_error();
return ret; return ret;
} }
#endif #endif