if (sdebug)
ssl_ctx_security_debug(ctx, bio_err, sdebug);
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
+ BIO_printf(bio_err, "Error setting verify params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, 1, no_jpake)) {
ERR_print_errors(bio_err);
}
#endif
#ifndef OPENSSL_NO_SRTP
- if (srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+ if (srtp_profiles != NULL) {
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
+ BIO_printf(bio_err, "Error setting SRTP profile\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
if (exc)
ssl_ctx_set_excert(ctx, exc);
BIO_printf(bio_err, "Error parsing -alpn argument\n");
goto end;
}
- SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ goto end;
+ }
OPENSSL_free(alpn);
}
#endif
#ifndef OPENSSL_NO_TLSEXT
for (i = 0; i < serverinfo_types_count; i++) {
- SSL_CTX_add_client_custom_ext(ctx,
+ if(!SSL_CTX_add_client_custom_ext(ctx,
serverinfo_types[i],
NULL, NULL, NULL,
- serverinfo_cli_parse_cb, NULL);
+ serverinfo_cli_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Warning: Unable to add custom extension %u. "
+ "Skipping\n", serverinfo_types[i]);
+ }
}
#endif
ERR_print_errors(bio_err);
goto end;
}
- SSL_set_session(con, sess);
+ if(!SSL_set_session(con, sess)) {
+ BIO_printf(bio_err, "Can't set session\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
SSL_SESSION_free(sess);
}
SSL_CTX_sess_set_cache_size(ctx, 128);
#ifndef OPENSSL_NO_SRTP
- if (srtp_profiles != NULL)
- SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+ if (srtp_profiles != NULL) {
+ /* Returns 0 on success!! */
+ if(SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) {
+ BIO_printf(bio_err, "Error setting SRTP profile\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
#endif
if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
ERR_print_errors(bio_err);
/* goto end; */
}
- if (vpm)
- SSL_CTX_set1_param(ctx, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx, vpm)) {
+ BIO_printf(bio_err, "Error setting X509 params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
ssl_ctx_add_crls(ctx, crls, 0);
if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
(!SSL_CTX_set_default_verify_paths(ctx2))) {
ERR_print_errors(bio_err);
}
- if (vpm)
- SSL_CTX_set1_param(ctx2, vpm);
+ if (vpm && !SSL_CTX_set1_param(ctx2, vpm)) {
+ BIO_printf(bio_err, "Error setting X509 params\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
ssl_ctx_add_crls(ctx2, crls, 0);
if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake))
#endif
SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
- SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ if(!SSL_CTX_set_session_id_context(ctx,
+ (void *)&s_server_session_id_context,
+ sizeof s_server_session_id_context)) {
+ BIO_printf(bio_err, "error setting session id context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
/* Set DTLS cookie generation and verification callbacks */
SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
#ifndef OPENSSL_NO_TLSEXT
if (ctx2) {
SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
- SSL_CTX_set_session_id_context(ctx2,
+ if(!SSL_CTX_set_session_id_context(ctx2,
(void *)&s_server_session_id_context,
- sizeof s_server_session_id_context);
+ sizeof s_server_session_id_context)) {
+ BIO_printf(bio_err, "error setting session id context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
tlsextcbp.biodebug = bio_s_out;
SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ BIO_printf(bio_err, "Error setting session id context\n");
+ ret = -1;
+ goto err;
+ }
+ }
+ if(!SSL_clear(con)) {
+ BIO_printf(bio_err, "Error clearing SSL connection\n");
+ ret = -1;
+ goto err;
}
- SSL_clear(con);
if (stype == SOCK_DGRAM) {
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ goto err;
+ }
sbio = BIO_new_socket(s, BIO_NOCLOSE);
if (s_nbio_test) {
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
- if (context)
- SSL_set_session_id_context(con, context, strlen((char *)context));
+ if (context && !SSL_set_session_id_context(con, context,
+ strlen((char *)context))) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
sbio = BIO_new_socket(s, BIO_NOCLOSE);
SSL_set_bio(con, sbio, sbio);
return 0;
}
p = sess->der;
- i2d_SSL_SESSION(session, &p);
+ if(i2d_SSL_SESSION(session, &p) < 0) {
+ BIO_printf(bio_err, "Error encoding session\n");
+ return 0;
+ }
sess->next = first;
first = sess;
if (st_bugs)
SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+ if(!SSL_CTX_set_cipher_list(tm_ctx, tm_cipher))
+ goto end;
if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
goto end;
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}
if (s_www_path != NULL) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
}
#ifdef NO_SHUTDOWN
if (s_www_path) {
BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
s_www_path);
- SSL_write(scon, buf, strlen(buf));
+ if(SSL_write(scon, buf, strlen(buf)) <= 0)
+ goto end;
while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
bytes_read += i;
}