changeset 19448:a0df8b106de1

lib-ssl-iostream: Check for SSL_CTX_set_ecdh_auto() failure. This shouldn't happen though.
author Timo Sirainen <tss@iki.fi>
date Thu, 03 Dec 2015 12:13:11 +0200
parents dbbfa124b27d
children 302c3c7e11f8
files src/lib-ssl-iostream/iostream-openssl-context.c
diffstat 1 files changed, 7 insertions(+), 2 deletions(-) [+]
--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 12:02:56 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 12:13:11 2015 +0200
@@ -465,7 +465,7 @@
 static int
 ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
 				const struct ssl_iostream_settings *set ATTR_UNUSED,
-				const char **error_r ATTR_UNUSED)
+				const char **error_r)
 {
 #if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
 	EC_KEY *ecdh;
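Review bot: Dropping `ATTR_UNUSED` from `error_r` may bring back an unused-parameter warning in some build configurations, because the only use visible in this commit sits inside `#ifdef SSL_CTRL_SET_ECDH_AUTO` in the next hunk. The rest of the function body lies outside the hunk, so I can't confirm that the `#else` path for older OpenSSL, or a build without `HAVE_ECDH`, references `error_r` at all. If they do not, those builds would warn (and fail under -Werror). Assuming the macro is only an unused-hint attribute and harmless on a parameter that is used, I'd keep the line as `const char **error_r ATTR_UNUSED)`.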
@@ -483,7 +483,12 @@
 #ifdef SSL_CTRL_SET_ECDH_AUTO
 	/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
 	   selection. */
-	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+	if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) {
+		/* shouldn't happen */
+		*error_r = t_strdup_printf("SSL_CTX_set_ecdh_auto() failed: %s",
+					   openssl_iostream_error());
+		return -1;
+	}
 #else
 	/* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be
 	   performed manually. Attempt to select the same curve as that used
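Review bot: The `/* shouldn't happen */` comment in the new failure branch doesn't record why context setup is aborted rather than allowed to continue. Presumably the reason is that a context with no automatic curve selection would stop offering ECDHE suites and quietly weaken key exchange, so failing closed is the safer choice; it is worth saying so, e.g. `/* shouldn't happen; fail instead of continuing without ECDHE key exchange */`. The `#else` branch for OpenSSL < 1.0.2 continues outside this hunk, so it is worth checking that its failure paths also set `*error_r` and return -1 instead of only logging. Otherwise the two OpenSSL generations would handle the same failure differently.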