DeforaOS/Transport
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Stricter initialization of the SSL context structure

Browse Source
This commit is contained in:
Pierre Pronchery 2014-05-13 20:35:34 +02:00
parent 8b0ea74a48
commit 0853dc4794
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/transport/ssl.c
View File

@ -209,9 +209,18 @@ static int _init_client(SSLTransport * ssl, char const * name)
struct sockaddr_in * sa; struct sockaddr_in * sa;
#endif #endif
if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL) if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_client_method())) == NULL
|| SSL_CTX_set_cipher_list(ssl->ssl_ctx,
SSL_DEFAULT_CIPHER_LIST) != 1
|| SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL,
"/etc/openssl/certs") != 1)
{
if(ssl->ssl_ctx != NULL)
SSL_CTX_free(ssl->ssl_ctx);
ssl->ssl_ctx = NULL;
/* FIXME report the error */ /* FIXME report the error */
return -1; return -1;
}
ssl->u.client.transport = ssl; ssl->u.client.transport = ssl;
ssl->u.client.fd = -1; ssl->u.client.fd = -1;
/* obtain the remote address */ /* obtain the remote address */
@ -273,9 +282,18 @@ static int _init_server(SSLTransport * ssl, char const * name)
struct sockaddr_in * sa; struct sockaddr_in * sa;
#endif #endif
if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_server_method())) == NULL) if((ssl->ssl_ctx = SSL_CTX_new(TLSv1_server_method())) == NULL
|| SSL_CTX_set_cipher_list(ssl->ssl_ctx,
SSL_DEFAULT_CIPHER_LIST) != 1
|| SSL_CTX_load_verify_locations(ssl->ssl_ctx, NULL,
"/etc/openssl/certs") != 1)
{
if(ssl->ssl_ctx != NULL)
SSL_CTX_free(ssl->ssl_ctx);
ssl->ssl_ctx = NULL;
/* FIXME report the error */ /* FIXME report the error */
return -1; return -1;
}
ssl->u.server.fd = -1; ssl->u.server.fd = -1;
/* obtain the local address */ /* obtain the local address */
if((ssl->ai = _init_address(name, TCP_FAMILY, AI_PASSIVE)) == NULL) if((ssl->ai = _init_address(name, TCP_FAMILY, AI_PASSIVE)) == NULL)