SSL: clear error queue after OPENSSL_init_ssl().

The function may leave error in the error queue while returning success, e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d: https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f Notably, this fixes alert seen with statically linked OpenSSL on some platforms. While here, check OPENSSL_init_ssl() return value.
author: Sergey Kandaurov <pluknet@nginx.com> 2017-02-06 18:38:06 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2017-02-06 18:38:06 +0300
commit: 9af7dc2b44acb388f27e492ddc82116d082d02ab (patch)
tree: 79e6dbaa57480bf4a0c7dc062eed12a5ff95271b /src
parent: 4abafc85d612f3348c38e5294124f27a2e4681df (diff)
download: nginx-9af7dc2b44acb388f27e492ddc82116d082d02ab.tar.gz
nginx-9af7dc2b44acb388f27e492ddc82116d082d02ab.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3c74b7b21..8c7c67704 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -121,7 +121,17 @@ ngx_ssl_init(ngx_log_t *log)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
 
-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+    if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {
+        ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");
+        return NGX_ERROR;
+    }
+
+    /*
+     * OPENSSL_init_ssl() may leave errors in the error queue
+     * while returning success
+     */
+
+    ERR_clear_error();
 
 #else
author	Sergey Kandaurov <pluknet@nginx.com>	2017-02-06 18:38:06 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2017-02-06 18:38:06 +0300
commit	9af7dc2b44acb388f27e492ddc82116d082d02ab (patch)
tree	79e6dbaa57480bf4a0c7dc062eed12a5ff95271b /src
parent	4abafc85d612f3348c38e5294124f27a2e4681df (diff)
download	nginx-9af7dc2b44acb388f27e492ddc82116d082d02ab.tar.gz nginx-9af7dc2b44acb388f27e492ddc82116d082d02ab.zip