author | Maxim Dounin <mdounin@mdounin.ru> | 2013-09-04 21:17:02 +0400 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2013-09-04 21:17:02 +0400 |
commit | 3d1e616d0bb9278a0291cc0a2a11178e1c1d9710 (patch) | |
tree | d6bb32600b12e39399dfebde770b7e5a2601f51d /src | |
parent | f108b28038d519db51f0453217af6f25381e1265 (diff) | |
SSL: clear error queue after SSL_CTX_load_verify_locations().
The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.
Diffstat (limited to 'src')
-rw-r--r-- | src/event/ngx_event_openssl.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 50746e7ac..f2419e466 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -363,6 +363,13 @@ ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 return NGX_ERROR;
 }
 
+ /*
+ * SSL_CTX_load_verify_locations() may leave errors in the error queue
+ * while returning success
+ */
+
+ ERR_clear_error();
+
 list = SSL_load_client_CA_file((char *) cert->data);
 
 if (list == NULL) {
@@ -407,6 +414,13 @@ ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
 return NGX_ERROR;
 }
 
+ /*
+ * SSL_CTX_load_verify_locations() may leave errors in the error queue
+ * while returning success
+ */
+
+ ERR_clear_error();
+
 return NGX_OK;
 }
 
|
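Review bot: `ERR_clear_error();` in ngx_ssl_client_certificate() discards the queued entries unread, so whatever SSL_CTX_load_verify_locations() objected to in the client-CA file never reaches the operator at configuration time; the identical call added to ngx_ssl_trusted_certificate() in the second hunk has the same effect. The commit message names duplicate certificates as one cause, but the queue could presumably hold other non-fatal complaints about a file that defines which CAs are trusted, and those would be dropped just as quietly. Consider reporting before discarding, e.g. `if (ERR_peek_error()) { ngx_ssl_error(NGX_LOG_WARN, ssl->log, 0, "SSL_CTX_load_verify_locations(\"%s\") left errors in the queue", cert->data); }` ahead of the existing `ERR_clear_error();`; this assumes ngx_ssl_error() prints the queued entries, which is not visible here. Both functions begin outside their hunks, and this one also continues past its hunk.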
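Review bot: The comment above `ERR_clear_error();` in ngx_ssl_trusted_certificate() says the queue may hold errors but not why that matters, so the reason currently lives only in the commit message. I would extend it to name the cause and the symptom, e.g. `* while returning success (e.g. duplicate certificates in the file);` followed by `* left in place they surface later as "ignoring stale global SSL error"`. The same comment text is added in the first hunk and would take the same wording. The function starts outside the hunk.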