dovecot-2.2: lib-ssl-iostream: Check for SSL_CTX_set_ecdh_auto()...
dovecot at dovecot.org
Thu Dec 3 10:13:28 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/a0df8b106de1
changeset: 19448:a0df8b106de1
user: Timo Sirainen <tss at iki.fi>
date: Thu Dec 03 12:13:11 2015 +0200
description:
lib-ssl-iostream: Check for SSL_CTX_set_ecdh_auto() failure.
This shouldn't happen though.
diffstat:
src/lib-ssl-iostream/iostream-openssl-context.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diffs (26 lines):
diff -r dbbfa124b27d -r a0df8b106de1 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 12:02:56 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 12:13:11 2015 +0200
@@ -465,7 +465,7 @@
static int
ssl_proxy_ctx_set_crypto_params(SSL_CTX *ssl_ctx,
const struct ssl_iostream_settings *set ATTR_UNUSED,
- const char **error_r ATTR_UNUSED)
+ const char **error_r)
{
#if defined(HAVE_ECDH) && !defined(SSL_CTRL_SET_ECDH_AUTO)
EC_KEY *ecdh;
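Review bot: dropping ATTR_UNUSED from error_r in the ssl_proxy_ctx_set_crypto_params() signature is only safe if every preprocessor configuration references the parameter. The visible lines show it used only under SSL_CTRL_SET_ECDH_AUTO, so please confirm that the #else branch for OpenSSL < 1.0.2 and a build without HAVE_ECDH also touch error_r, otherwise those builds pick up an unused-parameter warning. The set parameter keeps its ATTR_UNUSED, so the two annotations should be reviewed together.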
@@ -483,7 +483,12 @@
#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter
selection. */
- SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
+ if (!SSL_CTX_set_ecdh_auto(ssl_ctx, 1)) {
+ /* shouldn't happen */
+ *error_r = t_strdup_printf("SSL_CTX_set_ecdh_auto() failed: %s",
+ openssl_iostream_error());
+ return -1;
+ }
#else
/* For OpenSSL < 1.0.2, ECDH temporary key parameter selection must be
performed manually. Attempt to select the same curve as that used
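Review bot: the new failure branch under SSL_CTRL_SET_ECDH_AUTO returns -1 with *error_r set, which only helps if the caller of ssl_proxy_ctx_set_crypto_params() checks the return value and reports error_r; the call site is not in this diff, so please confirm it aborts context setup rather than continuing with a context that has no ECDH parameters configured. The /* shouldn't happen */ comment would also be more useful if it said why the call is expected to succeed, and the message depends on openssl_iostream_error() having something queued, so it is worth checking what gets logged when the call fails without pushing an OpenSSL error.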