[glib-networking/remove-profile-system] openssl: error out if setting the cipher list fails



commit 36ca6cd20282fba5531affb1301960ca4c7a085d
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Fri Feb 8 16:11:51 2019 +0100

    openssl: error out if setting the cipher list fails
    
    Fixes #61

 tls/openssl/gtlsclientconnection-openssl.c | 20 +++++++++++++++-----
 tls/openssl/gtlsserverconnection-openssl.c | 20 +++++++++++++++-----
 2 files changed, 30 insertions(+), 10 deletions(-)
---
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index be7c01a..2a16f6e 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -410,8 +410,9 @@ generate_session_id (SSL           *ssl,
   return 1;
 }
 
-static void
-set_cipher_list (GTlsClientConnectionOpenssl *client)
+static gboolean
+set_cipher_list (GTlsClientConnectionOpenssl  *client,
+                 GError                      **error)
 {
   GTlsClientConnectionOpensslPrivate *priv;
   const gchar *cipher_list;
@@ -422,7 +423,15 @@ set_cipher_list (GTlsClientConnectionOpenssl *client)
   if (cipher_list == NULL)
     cipher_list = DEFAULT_CIPHER_LIST;
 
-  SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+  if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  return TRUE;
 }
 
 #ifdef SSL_CTX_set1_sigalgs_list
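Review bot: The message set at L41 reports a rejected cipher string as "Could not create TLS context", so whoever configured the cipher list is pointed at context creation rather than at the list itself; unless the string was reused on purpose to avoid a new translatable message, `_("Could not set TLS cipher list: %s")` describes the failure the check actually catches. ERR_error_string() called with a NULL buffer (L42) formats into a static buffer shared by every thread, so the text can be clobbered if another thread reports an OpenSSL error at the same time; a local buffer avoids that, `char buf[256]; ERR_error_string_n (ERR_get_error (), buf, sizeof buf);` and pass `buf` to g_set_error(). A comment above the check would also save the next reader a trip to the OpenSSL manual: `/* Returns 0 only when no cipher in the string could be selected; a list that mixes one valid name with garbage still succeeds. */` — the new check turns a completely unusable list into a hard failure, not a partially wrong one, which is what the commit message "error out if setting the cipher list fails" may be read as promising. The server copy in gtlsserverconnection-openssl.c (the hunk at @@ -234,7 +235,15 @@) has the same message, the same static-buffer use and would benefit from the same comment.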
@@ -488,6 +497,9 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
+  if (!set_cipher_list (client, error))
+    return FALSE;
+
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
             SSL_OP_NO_COMPRESSION |
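Review bot: The new early return at L54-L55 runs after priv->ssl_ctx has been created (set_cipher_list() dereferences it), so it relies on whatever cleanup the existing `return FALSE;` directly above it (L51) already relies on; if that earlier path counts on finalize() to release priv->ssl_ctx this is consistent, but if it is the SSL_CTX_new() failure path and nothing is allocated there yet, the cipher-list failure would be the first return that leaves a live SSL_CTX behind — worth confirming against the dispose/finalize code, which is outside this hunk. A one-line comment would make the intent explicit: `/* priv->ssl_ctx is released in finalize, so an early return here does not leak it */` (adjust to whatever is actually the case). g_tls_client_connection_openssl_initable_init() starts and ends outside the hunk. The same observation applies to the server hunk at @@ -294,6 +303,9 @@ in gtlsserverconnection-openssl.c.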
@@ -520,8 +532,6 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
 
   SSL_CTX_set_client_cert_cb (priv->ssl_ctx, retrieve_certificate);
 
-  set_cipher_list (client);
-
 #ifdef SSL_CTX_set1_sigalgs_list
   set_signature_algorithm_list (client);
 #endif
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index b23080e..e5307de 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -222,8 +222,9 @@ ssl_info_callback (const SSL *ssl,
 }
 #endif
 
-static void
-set_cipher_list (GTlsServerConnectionOpenssl *server)
+static gboolean
+set_cipher_list (GTlsServerConnectionOpenssl  *server,
+                 GError                      **error)
 {
   GTlsServerConnectionOpensslPrivate *priv;
   const gchar *cipher_list;
@@ -234,7 +235,15 @@ set_cipher_list (GTlsServerConnectionOpenssl *server)
   if (cipher_list == NULL)
     cipher_list = DEFAULT_CIPHER_LIST;
 
-  SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list);
+  if (!SSL_CTX_set_cipher_list (priv->ssl_ctx, cipher_list))
+    {
+      g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
+                   _("Could not create TLS context: %s"),
+                   ERR_error_string (ERR_get_error (), NULL));
+      return FALSE;
+    }
+
+  return TRUE;
 }
 
 #ifdef SSL_CTX_set1_sigalgs_list
@@ -294,6 +303,9 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
       return FALSE;
     }
 
+  if (!set_cipher_list (server, error))
+    return FALSE;
+
   /* Only TLS 1.2 or higher */
   options = SSL_OP_NO_TICKET |
             SSL_OP_NO_COMPRESSION |
@@ -365,8 +377,6 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
 
   SSL_CTX_add_session (priv->ssl_ctx, priv->session);
 
-  set_cipher_list (server);
-
 #ifdef SSL_CTX_set1_sigalgs_list
   set_signature_algorithm_list (server);
 #endif

