git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: ssl: clear the SSL errors on DH loading failure
author: William Lallemand <wlallemand@haproxy.com>
Wed, 5 Feb 2020 10:46:33 +0000 (11:46 +0100)
committer: William Lallemand <wlallemand@haproxy.org>
Wed, 5 Feb 2020 14:32:24 +0000 (15:32 +0100)
In ssl_sock_load_dh_params(), if haproxy failed to apply the dhparam
with SSL_CTX_set_tmp_dh(), it will apply the DH with
SSL_CTX_set_dh_auto().

The problem is that we don't clean the OpenSSL errors when leaving this
function so it could fail to load the certificate, even if it's only a
warning.

Fixes bug #483.

Must be backported in 2.1.

src/ssl_sock.c

index e00dafaa0eda223fd9f0a84a4ee24fe543710158..7698eec7fbb2b1b8a5545abc322881a15e29cc23 100644 (file)
@@ -3094,6 +3094,7 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
        }
 
 end:
+       ERR_clear_error();
        return ret;
 }
 #endif
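
Review bot: the `ERR_clear_error()` placed directly under the `end:` label runs on every path that reaches the label, not only the SSL_CTX_set_tmp_dh() fallback case the commit message describes, and it has no comment explaining why the queue is emptied there. ERR_clear_error() drops everything queued for the current thread, so any path that jumps to `end:` with a real failure in `ret` also loses its OpenSSL error detail before the caller can read or log it. Consider either clearing the queue right where the fallback to SSL_CTX_set_dh_auto() is taken, or keeping it here with a short comment stating that entries left by this function are treated as warnings and must not leak into the later certificate-loading checks.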