[glib-networking/remove-profile-system] openssl: error out if setting the cipher list fails
- From: Ignacio Casal Quinteiro <icq src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/remove-profile-system] openssl: error out if setting the cipher list fails
- Date: Fri, 8 Feb 2019 15:17:08 +0000 (UTC)
commit 36ca6cd20282fba5531affb1301960ca4c7a085d
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date: Fri Feb 8 16:11:51 2019 +0100
openssl: error out if setting the cipher list fails
Fixes #61
tls/openssl/gtlsclientconnection-openssl.c | 20 +++++++++++++++-----
tls/openssl/gtlsserverconnection-openssl.c | 20 +++++++++++++++-----
2 files changed, 30 insertions(+), 10 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index be7c01a..2a16f6e 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -410,8 +410,9 @@ generate_session_id (SSL *ssl,
return 1;
}
-static void
-set_cipher_list (GTlsClientConnectionOpenssl *client)
+static gboolean
+set_cipher_list (GTlsClientConnectionOpenssl *client,
+ GError **error)
{
GTlsClientConnectionOpensslPrivate *priv;
const gchar *cipher_list;
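Review bot: set_cipher_list now has a failure contract but nothing documents it; the function body continues past this hunk. I would add a comment above the signature such as `/* Applies the configured cipher list, or DEFAULT_CIPHER_LIST when none is given; returns FALSE and sets @error if OpenSSL rejects it. */`. The comment should also say that SSL_CTX_set_cipher_list() succeeds as soon as one cipher in the string can be selected, and that it configures only TLS 1.2 and below. A partly invalid list is therefore accepted silently, and TLS 1.3 suites are not restricted by it. The server copy of the function in gtlsserverconnection-openssl.c needs the same comment.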
@@ -422,7 +423,15 @@ set_cipher_list (GTlsClientConnectionOpenssl *client)
if (cipher_list == NULL)
cipher_list = DEFAULT_CIPHER_LIST;
- SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+ if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
}
#ifdef SSL_CTX_set1_sigalgs_list
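Review bot: `ERR_error_string (ERR_get_error (), NULL)` formats into a static buffer inside OpenSSL, which is not safe when connections are initialised from several threads. Format into a local buffer instead: `char error_buffer[256];` and `ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));`, then pass `error_buffer` to g_set_error. ERR_get_error() also removes only the earliest entry, so any remaining entries stay in the thread's error queue and can be reported by a later, unrelated failure; calling `ERR_clear_error ()` before `return FALSE` avoids that. The text "Could not create TLS context" also does not tell the caller that the cipher list was what OpenSSL rejected. The identical lines in the server file's set_cipher_list have the same issues.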
@@ -488,6 +497,9 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ if (!set_cipher_list (client, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
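Review bot: The neighbouring `set_signature_algorithm_list (client);` call, visible as context in the next hunk, is still invoked with its result unused. A rejected signature-algorithm list would presumably still be ignored, while a rejected cipher list now aborts init. If that helper wraps an OpenSSL setter that can fail, it should get the same `gboolean`/`GError **` signature and be checked as `if (!set_signature_algorithm_list (client, error)) return FALSE;`. The enclosing g_tls_client_connection_openssl_initable_init starts and ends outside this hunk, and the server init function has the matching unchecked call.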
@@ -520,8 +532,6 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
- set_cipher_list (client);
-
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (client);
#endif
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index b23080e..e5307de 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -222,8 +222,9 @@ ssl_info_callback (const SSL *ssl,
}
#endif
-static void
-set_cipher_list (GTlsServerConnectionOpenssl *server)
+static gboolean
+set_cipher_list (GTlsServerConnectionOpenssl *server,
+ GError **error)
{
GTlsServerConnectionOpensslPrivate *priv;
const gchar *cipher_list;
@@ -234,7 +235,15 @@ set_cipher_list (GTlsServerConnectionOpenssl *server)
if (cipher_list == NULL)
cipher_list = DEFAULT_CIPHER_LIST;
- SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+ if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+ {
+ g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+ _("Could not create TLS context: %s"),
+ ERR_error_string (ERR_get_error (), NULL));
+ return FALSE;
+ }
+
+ return TRUE;
}
#ifdef SSL_CTX_set1_sigalgs_list
@@ -294,6 +303,9 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
return FALSE;
}
+ if (!set_cipher_list (server, error))
+ return FALSE;
+
/* Only TLS 1.2 or higher */
options = SSL_OP_NO_TICKET |
SSL_OP_NO_COMPRESSION |
@@ -365,8 +377,6 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
SSL_CTX_add_session (priv->ssl_ctx, priv->session);
- set_cipher_list (server);
-
#ifdef SSL_CTX_set1_sigalgs_list
set_signature_algorithm_list (server);
#endif