OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds, we will not only leak memory, but the error message reported for initialising the server context might not make sense, because we initialise the client context after and that could erase or change the list of queued errors. This scenario is considered rare. Nevertheless, we now initialise the client context after *successfully* initialising the server context.
This commit is contained in:
Aaron Jones
parent
0942c1fc26
commit
572c2d4b05
|
|
@ -395,21 +395,21 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
|
|||
cipher_list = librb_ciphers;
|
||||
|
||||
#ifdef LRB_HAVE_TLS_METHOD_API
|
||||
ssl_server_ctx_new = SSL_CTX_new(TLS_server_method());
|
||||
ssl_client_ctx_new = SSL_CTX_new(TLS_client_method());
|
||||
if((ssl_server_ctx_new = SSL_CTX_new(TLS_server_method())) == NULL)
|
||||
#else
|
||||
ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method());
|
||||
ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method());
|
||||
if((ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method())) == NULL)
|
||||
#endif
|
||||
|
||||
if(ssl_server_ctx_new == NULL)
|
||||
{
|
||||
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
|
||||
get_ssl_error(ERR_get_error()));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(ssl_client_ctx_new == NULL)
|
||||
#ifdef LRB_HAVE_TLS_METHOD_API
|
||||
if((ssl_client_ctx_new = SSL_CTX_new(TLS_client_method())) == NULL)
|
||||
#else
|
||||
if((ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method())) == NULL)
|
||||
#endif
|
||||
{
|
||||
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
|
||||
get_ssl_error(ERR_get_error()));
|
||||
|
|
|
|||
Loading…
Reference in a new issue