BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher
The default dh_param value is 2048 and it's preset to zero unless explicitly
set, so we must not report a warning about DH param not being loadable in 1024
bits when we're going to use 2048. Thanks to Dinko for reporting this.
This should be backported to 2.2.
(cherry picked from commit 6d27a92b83f75bab42bda08ed28b70fb95525fd9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6f73a31..6f28c4f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2993,7 +2993,7 @@
/* Clear openssl global errors stack */
ERR_clear_error();
- if (global_ssl.default_dh_param <= 1024) {
+ if (global_ssl.default_dh_param && global_ssl.default_dh_param <= 1024) {
/* we are limited to DH parameter of 1024 bits anyway */
if (local_dh_1024 == NULL)
local_dh_1024 = ssl_get_dh_1024();
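Review bot: the added `global_ssl.default_dh_param &&` test in the `if` depends on zero meaning "not explicitly set, 2048 will be used", and that convention is stated only in the commit message. The comment directly below the condition ("we are limited to DH parameter of 1024 bits anyway") does not cover the zero case. Please add a short comment above the `if`, or extend the existing one, saying that 0 means unset and resolves to the 2048-bit default, so the zero check is not later dropped as redundant and the 1024-bit load warning does not come back for default configurations.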