SSL: free pkey on SSL_CTX_set0_tmp_dh_pkey() failure.

The behaviour was changed in OpenSSL 3.0.1: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=bf17b7b
2025-06-11 12:22:41 +08:00 · 2022-01-17 17:05:12 +03:00 · 2022-01-17 17:05:12 +03:00 · 429150c1fa
commit 429150c1fa
parent 22d4ff08bb
1 changed files with 3 additions and 0 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -1383,6 +1383,9 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
    if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data);
+#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL)
+        EVP_PKEY_free(dh);
+#endif
        BIO_free(bio);
        return NGX_ERROR;
    }