details: https://hg.nginx.org/nginx/rev/aeab41dfd260 branches: changeset: 7994:aeab41dfd260 user: Sergey Kandaurov <pluk...@nginx.com> date: Mon Jan 17 17:05:12 2022 +0300 description: SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.
The behaviour was changed in OpenSSL 3.0.1: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bf17b7b diffstat: src/event/ngx_event_openssl.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diffs (13 lines): diff -r 96ae8e57b3dd -r aeab41dfd260 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Tue Jan 11 02:23:49 2022 +0300 +++ b/src/event/ngx_event_openssl.c Mon Jan 17 17:05:12 2022 +0300 @@ -1383,6 +1383,9 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_ if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data); +#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL) + EVP_PKEY_free(dh); +#endif BIO_free(bio); return NGX_ERROR; } _______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
