From 3b25bf08a535929b29a1869cca261c099105e1ba Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Thu, 2 Jul 2026 15:00:57 +0000 Subject: [PATCH] BUG/MINOR: ssl: don't print NULL errmsg in ssl_sock_prepare_all_ctx() When ssl_sock_prepare_all_ctx() encounters a non-zero errcode but errmsg was never populated (because the underlying check already reported the error directly via ha_alert()), the final ha_alert("%s", errmsg) call emits a spurious "(null)" alert to the log. Guard the ha_warning/ha_alert calls with a NULL check on errmsg. This should be backported to all maintained branches. --- src/ssl_sock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 275272a2b..1e34ce969 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5444,9 +5444,11 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf) } if (errcode & ERR_WARN) { - ha_warning("%s", errmsg); + if (errmsg) + ha_warning("%s", errmsg); } else if (errcode & ERR_CODE) { - ha_alert("%s", errmsg); + if (errmsg) + ha_alert("%s", errmsg); err++; } -- 2.47.3