commit f52a2c7585092b980866fde5d1a0569fe2bf43b2
author Piotr Sikora <piotr@cloudflare.com> Sun Sep 22 22:36:11 2013 -0700
committer Piotr Sikora <piotr@cloudflare.com> Sun Sep 22 22:36:11 2013 -0700
tree af54491045d30063ed0db74a45c8e4ba40c774a9
parent 35e2bb0efbdac2d57a50a3e7e137085e25a5d1f3

SSL: stop loading configs with invalid "ssl_ciphers" values.

While there, remove unnecessary check in ngx_mail_ssl_module.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

src/http/modules/ngx_http_ssl_module.c

diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index a6c803d..75dd7f4 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -561,6 +561,7 @@
         ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                       "SSL_CTX_set_cipher_list(\"%V\") failed",
                       &conf->ciphers);
+        return NGX_CONF_ERROR;
     }
 
     if (conf->verify) {

src/mail/ngx_mail_ssl_module.c

diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index dbfb9c7..66aa18c 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -287,15 +287,14 @@
         return NGX_CONF_ERROR;
     }
 
-    if (conf->ciphers.len) {
-        if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-                                   (const char *) conf->ciphers.data)
-            == 0)
-        {
-            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
-                          "SSL_CTX_set_cipher_list(\"%V\") failed",
-                          &conf->ciphers);
-        }
+    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
+                                (const char *) conf->ciphers.data)
+        == 0)
+    {
+        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                      "SSL_CTX_set_cipher_list(\"%V\") failed",
+                      &conf->ciphers);
+        return NGX_CONF_ERROR;
     }
 
     if (conf->prefer_server_ciphers) {