OpenSSL: Initialise one context at a time

If initialising the server context fails but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context afterwards, and that could erase or
change the list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
Aaron Jones 2016-08-30 10:30:17 +00:00
parent 0942c1fc26
commit 572c2d4b05
GPG key ID: EC6F86EE9CD840B5


@ -395,21 +395,21 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
cipher_list = librb_ciphers;
#ifdef LRB_HAVE_TLS_METHOD_API
ssl_server_ctx_new = SSL_CTX_new(TLS_server_method());
ssl_client_ctx_new = SSL_CTX_new(TLS_client_method());
if((ssl_server_ctx_new = SSL_CTX_new(TLS_server_method())) == NULL)
#else
ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method());
ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method());
if((ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method())) == NULL)
#endif
if(ssl_server_ctx_new == NULL)
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
get_ssl_error(ERR_get_error()));
return 0;
}
if(ssl_client_ctx_new == NULL)
#ifdef LRB_HAVE_TLS_METHOD_API
if((ssl_client_ctx_new = SSL_CTX_new(TLS_client_method())) == NULL)
#else
if((ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method())) == NULL)
#endif
{
rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
get_ssl_error(ERR_get_error()));