Browse Source

error-check more openssl function calls

wip/unchecked-remove
Oswald Buddenhagen 5 years ago
parent
commit
6a874b5877
  1. 17
      src/socket.c

17
src/socket.c

@ -243,7 +243,10 @@ init_ssl_ctx( const server_conf_t *conf )
#else #else
const SSL_METHOD *method = SSLv23_client_method(); const SSL_METHOD *method = SSLv23_client_method();
#endif #endif
mconf->SSLContext = SSL_CTX_new( method ); if (!(mconf->SSLContext = SSL_CTX_new( method ))) {
print_ssl_errors( "initializing SSL context" );
return 0;
}
if (!(conf->ssl_versions & SSLv3)) if (!(conf->ssl_versions & SSLv3))
options |= SSL_OP_NO_SSLv3; options |= SSL_OP_NO_SSLv3;
@ -309,10 +312,18 @@ socket_start_tls( conn_t *conn, void (*cb)( int ok, void *aux ) )
} }
init_wakeup( &conn->ssl_fake, ssl_fake_cb, conn ); init_wakeup( &conn->ssl_fake, ssl_fake_cb, conn );
conn->ssl = SSL_new( ((server_conf_t *)conn->conf)->SSLContext ); if (!(conn->ssl = SSL_new( ((server_conf_t *)conn->conf)->SSLContext ))) {
print_ssl_errors( "initializing SSL connection" );
start_tls_p3( conn, 0 );
return;
}
if (ssl_return( "set server name", conn, SSL_set_tlsext_host_name( conn->ssl, conn->conf->host ) ) < 0) if (ssl_return( "set server name", conn, SSL_set_tlsext_host_name( conn->ssl, conn->conf->host ) ) < 0)
return; return;
SSL_set_fd( conn->ssl, conn->fd ); if (!SSL_set_fd( conn->ssl, conn->fd )) {
print_ssl_errors( "setting SSL socket fd" );
start_tls_p3( conn, 0 );
return;
}
SSL_set_mode( conn->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER ); SSL_set_mode( conn->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER );
socket_expect_read( conn, 1 ); socket_expect_read( conn, 1 );
conn->state = SCK_STARTTLS; conn->state = SCK_STARTTLS;

Loading…
Cancel
Save