From 572c2d4b05793f441e3c171ffa9ac9f404e8ec1f Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Tue, 30 Aug 2016 10:30:17 +0000
Subject: [PATCH] OpenSSL: Initialise one context at a time

If initialising the server context fails, but the client one succeeds, we will not only leak memory, but the error message reported for initialising the server context might not make sense, because we initialise the client context after and that could erase or change the list of queued errors. This scenario is considered rare. Nevertheless, we now initialise the client context after *successfully* initialising the server context.
---
 librb/src/openssl.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/librb/src/openssl.c b/librb/src/openssl.c
index ef5a60da..1f3a54e1 100644
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
@@ -395,21 +395,21 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 	cipher_list = librb_ciphers;
 
 #ifdef LRB_HAVE_TLS_METHOD_API
-	ssl_server_ctx_new = SSL_CTX_new(TLS_server_method());
-	ssl_client_ctx_new = SSL_CTX_new(TLS_client_method());
+	if((ssl_server_ctx_new = SSL_CTX_new(TLS_server_method())) == NULL)
 #else
-	ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method());
-	ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method());
+	if((ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method())) == NULL)
 #endif
-
-	if(ssl_server_ctx_new == NULL)
 	{
 		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s", get_ssl_error(ERR_get_error()));
 		return 0;
 	}
 
-	if(ssl_client_ctx_new == NULL)
+	#ifdef LRB_HAVE_TLS_METHOD_API
+	if((ssl_client_ctx_new = SSL_CTX_new(TLS_client_method())) == NULL)
+	#else
+	if((ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method())) == NULL)
+	#endif
 	{
 		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s", get_ssl_error(ERR_get_error()));