git.ipfire.org Git - thirdparty/haproxy.git/commit
BUG/MINOR: ssl: clear the SSL errors on DH loading failure
author William Lallemand <wlallemand@haproxy.com>
Wed, 5 Feb 2020 10:46:33 +0000 (11:46 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Wed, 5 Feb 2020 14:32:24 +0000 (15:32 +0100)
commit 4dd145a888c7679812664bf2f246fa8199e94ab0
tree 1836a03b0751609c9620f493f2d75b45f4f7ebdb
parent be9b00f9927f59330e01954170c49bca967b00c5
BUG/MINOR: ssl: clear the SSL errors on DH loading failure

In ssl_sock_load_dh_params(), if haproxy fails to apply the dhparam
with SSL_CTX_set_tmp_dh(), it will apply the DH with
SSL_CTX_set_dh_auto().

The problem is that we don't clean the OpenSSL errors when leaving this
function so it could fail to load the certificate, even if it's only a
warning.

Fixes bug #483.

Must be backported in 2.1.
src/ssl_sock.c