[glib-networking/remove-profile-system] openssl: error out if setting the cipher list fails
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/remove-profile-system] openssl: error out if setting the cipher list fails
- Date: Fri, 8 Feb 2019 15:13:00 +0000 (UTC)
commit 05685fd1282b697fbe1b281d6210e078495a46c1
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date: Fri Feb 8 16:11:51 2019 +0100
openssl: error out if setting the cipher list fails
Fixes #61
tls/openssl/gtlsclientconnection-openssl.c | 24 +++++++++++++++++-------
tls/openssl/gtlsserverconnection-openssl.c | 20 +++++++++++++++-----
2 files changed, 32 insertions(+), 12 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index be7c01a..7d9aed2 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -410,19 +410,28 @@ generate_session_id (SSL *ssl,
return 1;
}
-static void
-set_cipher_list (GTlsClientConnectionOpenssl *client)
+static gboolean
+set_cipher_list (GTlsServerConnectionOpenssl *server,
+ GError **error)
{
- GTlsClientConnectionOpensslPrivate *priv;
+ GTlsServerConnectionOpensslPrivate *priv;
const gchar *cipher_list;
- priv = g_tls_client_connection_openssl_get_instance_private (client);
+ priv = g_tls_server_connection_openssl_get_instance_private (server);
cipher_list = g_getenv ("G_TLS_OPENSSL_CIPHER_LIST");
if (cipher_list == NULL)
cipher_list = DEFAULT_CIPHER_LIST;
- SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+ if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
}
#ifdef SSL_CTX_set1_sigalgs_list
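Review bot: The new signature in this client-file hunk takes `GTlsServerConnectionOpenssl *server` and calls `g_tls_server_connection_openssl_get_instance_private (server)`, which reads as a paste from the server file; the caller added in the next hunk, `set_cipher_list (client, error)`, passes a `GTlsClientConnectionOpenssl *`, so the argument and parameter types no longer agree and the build will at least warn about an incompatible pointer type. The three lines should keep the client types: `set_cipher_list (GTlsClientConnectionOpenssl *client,`, `GTlsClientConnectionOpensslPrivate *priv;` and `priv = g_tls_client_connection_openssl_get_instance_private (client);`. Separately, `ERR_error_string (ERR_get_error (), NULL)` formats into a buffer that OpenSSL documents as static and not safe to use from several threads; `ERR_error_string_n (ERR_get_error (), buf, sizeof buf)` with a local `buf` avoids that, and the same call appears in the server hunk at `@@ -234,7 +235,15 @@`. The message text `Could not create TLS context` also hides which step failed; naming the cipher list in it would make the error attributable from a log.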
@@ -488,6 +497,9 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ if (!set_cipher_list (client, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
@@ -520,8 +532,6 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
- set_cipher_list (client);
-
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (client);
#endif
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index b23080e..ee4b066 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -222,8 +222,9 @@ ssl_info_callback (const SSL *ssl,
}
#endif
-static void
-set_cipher_list (GTlsServerConnectionOpenssl *server)
+static gboolean
+set_cipher_list (GTlsServerConnectionOpenssl *server,
+ GError **error)
{
GTlsServerConnectionOpensslPrivate *priv;
const gchar *cipher_list;
@@ -234,7 +235,15 @@ set_cipher_list (GTlsServerConnectionOpenssl *server)
if (cipher_list == NULL)
cipher_list = DEFAULT_CIPHER_LIST;
- SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+ if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
}
#ifdef SSL_CTX_set1_sigalgs_list
@@ -294,6 +303,9 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ if (!set_cipher_list (client, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
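Review bot: The added call `set_cipher_list (client, error)` in g_tls_server_connection_openssl_initable_init passes `client`, while the call it replaces (removed in the last hunk of this file as `set_cipher_list (server);`) passed `server`, and the function this hunk modified now takes `GTlsServerConnectionOpenssl *server`. Unless a `client` variable is in scope in this function, which nothing in the hunk shows, this will not compile, and if one is, it would be the wrong object. The line should read `if (!set_cipher_list (server, error))`. The enclosing function starts and ends outside the hunk.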
@@ -365,8 +377,6 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
SSL_CTX_add_session (priv->ssl_ctx, priv->session);
- set_cipher_list (server);
-
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (server);
#endif