recent commit 8b453912ce9a ("MINOR: ssl: ssl_sock_prepare_ctx() return an error 
code")
converted all the error handling; in that patch we always test `err`, but
three of the checks are missing. I did not find a plausible explanation for
it.

this should fix issue #374

Fixes: 8b453912ce9a ("MINOR: ssl: ssl_sock_prepare_ctx() return an error code")
Reported-by: Илья Шипицин <chipits...@gmail.com>
Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
 src/ssl_sock.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6513760a..bcfa3e71 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4934,8 +4934,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, 
struct ssl_bind_conf *ssl_
        conf_ciphersuites = (ssl_conf && ssl_conf->ciphersuites) ? 
ssl_conf->ciphersuites : bind_conf->ssl_conf.ciphersuites;
        if (conf_ciphersuites &&
            !SSL_CTX_set_ciphersuites(ctx, conf_ciphersuites)) {
-               memprintf(err, "%sProxy '%s': unable to set TLS 1.3 cipher 
suites to '%s' for bind '%s' at [%s:%d].\n",
-                         *err ? *err : "", curproxy->id, conf_ciphersuites, 
bind_conf->arg, bind_conf->file, bind_conf->line);
+               if (err)
+                       memprintf(err, "%sProxy '%s': unable to set TLS 1.3 
cipher suites to '%s' for bind '%s' at [%s:%d].\n",
+                                 *err ? *err : "", curproxy->id, 
conf_ciphersuites, bind_conf->arg, bind_conf->file, bind_conf->line);
                cfgerr |= ERR_ALERT | ERR_FATAL;
        }
 #endif
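Review bot: The added `if (err)` on the TLS 1.3 ciphersuites failure path is unbraced and guards a wrapped, multi-line `memprintf()` call, with `cfgerr |= ERR_ALERT | ERR_FATAL;` directly below it; the curves-list and named-curve hunks have the same shape. Only the message should be conditional: if a later edit moved the `cfgerr` line under the guard, a rejected cipher or curve setting would stop being fatal whenever `err` is NULL. I would brace the guard, `if (err) { memprintf(err, ...); }`, and add a comment such as `/* err may be NULL: no message is built, but the failure is still reported through cfgerr */`. The guard belongs at the call site because `*err ? *err : ""` is evaluated as an argument before `memprintf()` runs. The body of ssl_sock_prepare_ctx() starts and ends outside the hunk, so whether its other `memprintf(err, ...)` sites are all guarded cannot be confirmed from here.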
@@ -5034,8 +5035,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, 
struct ssl_bind_conf *ssl_
        conf_curves = (ssl_conf && ssl_conf->curves) ? ssl_conf->curves : 
bind_conf->ssl_conf.curves;
        if (conf_curves) {
                if (!SSL_CTX_set1_curves_list(ctx, conf_curves)) {
-                       memprintf(err, "%sProxy '%s': unable to set SSL curves 
list to '%s' for bind '%s' at [%s:%d].\n",
-                                 *err ? *err : "", curproxy->id, conf_curves, 
bind_conf->arg, bind_conf->file, bind_conf->line);
+                       if (err)
+                               memprintf(err, "%sProxy '%s': unable to set SSL 
curves list to '%s' for bind '%s' at [%s:%d].\n",
+                                         *err ? *err : "", curproxy->id, 
conf_curves, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                }
 #if defined(SSL_CTX_set_ecdh_auto)
@@ -5064,8 +5066,9 @@ int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, 
struct ssl_bind_conf *ssl_
 
                i = OBJ_sn2nid(ecdhe);
                if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
-                       memprintf(err, "%sProxy '%s': unable to set elliptic 
named curve to '%s' for bind '%s' at [%s:%d].\n",
-                                 *err ? *err : "", curproxy->id, ecdhe, 
bind_conf->arg, bind_conf->file, bind_conf->line);
+                       if (err)
+                               memprintf(err, "%sProxy '%s': unable to set 
elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
+                                         *err ? *err : "", curproxy->id, 
ecdhe, bind_conf->arg, bind_conf->file, bind_conf->line);
                        cfgerr |= ERR_ALERT | ERR_FATAL;
                }
                else {
-- 
2.24.0

