From: Sergey Kandaurov <pluknet@nginx.com>
Date: Mon, 17 Jan 2022 14:05:12 +0000 (+0300)
Subject: SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.
X-Git-Tag: release-1.21.6~4
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=429150c1fa78317bdb19de380ce709651dbc042c;p=nginx.git

SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.

The behaviour was changed in OpenSSL 3.0.1:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bf17b7b
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 33977af61..daa28ffe4 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1383,6 +1383,9 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
     if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
         ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                       "SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data);
+#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL)
+        EVP_PKEY_free(dh);
+#endif
         BIO_free(bio);
         return NGX_ERROR;
     }