From: Aaron Jones Date: Tue, 30 Aug 2016 10:30:17 +0000 (+0000) Subject: OpenSSL: Initialise one context at a time X-Git-Url: https://jfr.im/git/solanum.git/commitdiff_plain/572c2d4b05793f441e3c171ffa9ac9f404e8ec1f?hp=0942c1fc26fecaf016f11dc5ca8d48a9ab58b4ff OpenSSL: Initialise one context at a time If initialising the server context fails, but the client one succeeds, we will not only leak memory, but the error message reported for initialising the server context might not make sense, because we initialise the client context after and that could erase or change the list of queued errors. This scenario is considered rare. Nevertheless, we now initialise the client context after *successfully* initialising the server context.
---
diff --git a/librb/src/openssl.c b/librb/src/openssl.c
index ef5a60da..1f3a54e1 100644
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
@@ -395,21 +395,21 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 cipher_list = librb_ciphers;
 #ifdef LRB_HAVE_TLS_METHOD_API
- ssl_server_ctx_new = SSL_CTX_new(TLS_server_method());
- ssl_client_ctx_new = SSL_CTX_new(TLS_client_method());
+ if((ssl_server_ctx_new = SSL_CTX_new(TLS_server_method())) == NULL)
 #else
- ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method());
- ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method());
+ if((ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method())) == NULL)
 #endif
-
- if(ssl_server_ctx_new == NULL)
 {
 rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s", get_ssl_error(ERR_get_error()));
 return 0;
 }
- if(ssl_client_ctx_new == NULL)
+ #ifdef LRB_HAVE_TLS_METHOD_API
+ if((ssl_client_ctx_new = SSL_CTX_new(TLS_client_method())) == NULL)
+ #else
+ if((ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method())) == NULL)
+ #endif
 {
 rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s", get_ssl_error(ERR_get_error()));