BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher The default dh_param value is 2048 and it's preset to zero unless explicitly set, so we must not report a warning about DH param not being loadble in 1024 bits when we're going to use 2048. Thanks to Dinko for reporting this. This should be backported to 2.2. (cherry picked from commit 6d27a92b83f75bab42bda08ed28b70fb95525fd9) Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

commit: 58ee2312fc30355b8459e402f8a790cb21c97365 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Thu Nov 05 19:38:05 2020 +0100
committer: Christopher Faulet <cfaulet@haproxy.com> Fri Nov 06 09:09:35 2020 +0100
tree: 062d54289acfb6ca978cc9ca8cdbcd20412fa393
parent: 1c0a722a83e7c45456a2b82c15889ab9ab5c4948 [diff] [blame]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f73a31..6f28c4f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -2993,7 +2993,7 @@
 		/* Clear openssl global errors stack */
 		ERR_clear_error();
 
-		if (global_ssl.default_dh_param <= 1024) {
+		if (global_ssl.default_dh_param && global_ssl.default_dh_param <= 1024) {
 			/* we are limited to DH parameter of 1024 bits anyway */
 			if (local_dh_1024 == NULL)
 				local_dh_1024 = ssl_get_dh_1024();
commit	58ee2312fc30355b8459e402f8a790cb21c97365	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Thu Nov 05 19:38:05 2020 +0100
committer	Christopher Faulet <cfaulet@haproxy.com>	Fri Nov 06 09:09:35 2020 +0100
tree	062d54289acfb6ca978cc9ca8cdbcd20412fa393
parent	1c0a722a83e7c45456a2b82c15889ab9ab5c4948 [diff] [blame]