git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
author Emeric Brun <ebrun@haproxy.com>
Thu, 16 Aug 2018 13:14:12 +0000 (15:14 +0200)
committer Willy Tarreau <w@1wt.eu>
Thu, 16 Aug 2018 17:36:08 +0000 (19:36 +0200)
If the dh parameter is not found, openssl's global error
stack was not correctly cleared, causing unpredictable errors
during the following parsing (chain cert parsing for instance).

This patch should be backported in 1.8 (and perhaps 1.7)

src/ssl_sock.c

index a0bea59553a0b1b4c6c0246fc2e97ea2a143fe00..813b599218b578d16ea5647507ad27f37aea7956 100644 (file)
@@ -2607,6 +2607,8 @@ end:
         if (in)
                 BIO_free(in);
 
+       ERR_clear_error();
+
        return dh;
 }
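Review bot: the ERR_clear_error() call placed under the end: label runs on every exit path, so it also empties the error queue when dh was loaded successfully and discards any entries that were queued before this function was entered. If only the failed DH lookup should be forgotten, consider bracketing the read with ERR_set_mark() and ERR_pop_to_mark(), or clearing only when dh is NULL. A one-line comment above the call saying that a missing DH block in the certificate file is an expected case, and that its leftover error would otherwise be picked up by the next parser, would keep the call from being removed later as redundant.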