BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher

The default dh_param value is 2048 and it's preset to zero unless explicitly
set, so we must not report a warning about DH param not being loadble in 1024
bits when we're going to use 2048. Thanks to Dinko for reporting this.

This should be backported to 2.2.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f73a3175470ddf0d6e814350b629f3542bacfe1..6f28c4f4e7f500d33b208c06e2090214bdfa29e5 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2993,7 +2993,7 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
                /* Clear openssl global errors stack */
                ERR_clear_error();
 
-               if (global_ssl.default_dh_param <= 1024) {
+               if (global_ssl.default_dh_param && global_ssl.default_dh_param <= 1024) {
                        /* we are limited to DH parameter of 1024 bits anyway */
                        if (local_dh_1024 == NULL)
                                local_dh_1024 = ssl_get_dh_1024();