From 041cec2d97d443a2c2aed7ca5d2251bb18fafbb1 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 12 Jun 2014 23:39:58 +0900
Subject: [PATCH] nghttpx: Check error from SSL_set_fd

---
 src/shrpx_ssl.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index 1313d6a8..8d4b99d8 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -490,10 +490,14 @@ ClientHandler* accept_connection
                    << ERR_error_string(ERR_get_error(), nullptr);
         return nullptr;
       }
-      SSL_set_fd(ssl, fd);
-      // To detect TLS renegotiation and deal with it, we have to use
-      // filter-based OpenSSL bufferevent and set evbuffer callback by
-      // our own.
+
+      if(SSL_set_fd(ssl, fd) == 0) {
+        LOG(ERROR) << "SSL_set_fd() failed: "
+                   << ERR_error_string(ERR_get_error(), nullptr);
+        SSL_free(ssl);
+        return nullptr;
+      }
+
       bev = bufferevent_openssl_socket_new(evbase, fd, ssl,
                                            BUFFEREVENT_SSL_ACCEPTING,
                                            BEV_OPT_DEFER_CALLBACKS);