# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1486395486 -10800
# Node ID 5cb85b0ee00b84d6d4eb5fbeeaed468fe5431bf3
# Parent  72bb626484a40b39cc0061b6749dee0f47878afa
SSL: clear error queue after OPENSSL_init_ssl().

The function may leave error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f

Notably, this fixes alert seen with statically linked OpenSSL on some platforms.

While here, check OPENSSL_init_ssl() return value.

diff -r 72bb626484a4 -r 5cb85b0ee00b src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Thu Feb 02 20:29:16 2017 +0300
+++ b/src/event/ngx_event_openssl.c	Mon Feb 06 18:38:06 2017 +0300
@@ -121,7 +121,17 @@
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
 
-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+    if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {
+        ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");
+        return NGX_ERROR;
+    }
+
+    /*
+     * OPENSSL_init_ssl() may leave errors in the error queue
+     * while returning success
+     */
+
+    ERR_clear_error();
 
 #else