SSL: clear error queue after SSL_CTX_load_verify_locations().

The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.
Maxim Dounin 2013-09-04 21:17:02 +04:00
parent e7b25cfb5a
commit 0a33f34edd


@ -363,6 +363,13 @@ ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
return NGX_ERROR;
}
/*
* SSL_CTX_load_verify_locations() may leave errors in the error queue
* while returning success
*/
ERR_clear_error();
list = SSL_load_client_CA_file((char *) cert->data);
if (list == NULL) {
@ -407,6 +414,13 @@ ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
return NGX_ERROR;
}
/*
* SSL_CTX_load_verify_locations() may leave errors in the error queue
* while returning success
*/
ERR_clear_error();
return NGX_OK;
}
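Review bot: Both added `ERR_clear_error()` calls discard the queued errors unread, so whatever SSL_CTX_load_verify_locations() reported about the CA file never reaches the log, and the in-code comment does not say which errors are expected. The commit message names duplicate certificates as one cause; other entries could presumably fail for different reasons, and on a trust-store load an operator would want to know that part of the bundle was skipped. I would extend the comment in ngx_ssl_client_certificate and ngx_ssl_trusted_certificate to carry the example, e.g. `/* e.g. duplicate certificates in the file; left uncleared they surface later as "ignoring stale global SSL error" alerts */`, and consider logging the queue at a low level before clearing it. Both function bodies begin outside the hunks shown.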