author | Edward Thomson <ethomson@edwardthomson.com> | 2018-07-08 15:28:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-08 15:28:50 +0100 |
commit | 290292b4b20f36920ff1ce1f079c6cf216eb8605 (patch) | |
tree | 87aee9cd3f3636cea7d00298fe67cbee8f9dc962 | |
parent | f4633791104fa5be75115fd4c7fab0c097da345e (diff) | |
parent | 75395c871d24027da4b4fe8e1532931db018aa50 (diff) | |
download | libgit2-290292b4b20f36920ff1ce1f079c6cf216eb8605.tar.gz |
Merge pull request #4710 from pks-t/pks/ssl-init-errors
streams: report OpenSSL errors if global init fails
-rw-r--r-- | src/streams/openssl.c | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 8a1befc21..7fd810aeb 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -218,39 +218,34 @@ int git_openssl_stream_global_init(void)
 * compatibility. We then disable SSL so we only allow OpenSSL
 * to speak TLSv1 to perform the encryption itself.
 */
- git__ssl_ctx = SSL_CTX_new(SSLv23_method());
- if (!git__ssl_ctx) {
- return -1;
- }
+ if (!(git__ssl_ctx = SSL_CTX_new(SSLv23_method())))
+ goto error;
 SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
 SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
 SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
- if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx))
+ goto error;
- if (!ciphers) {
+ if (!ciphers)
 ciphers = GIT_SSL_DEFAULT_CIPHERS;
- }
- if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers))
+ goto error;
- if (init_bio_method() < 0) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (init_bio_method() < 0)
+ goto error;
 git__on_shutdown(shutdown_ssl);
 return 0;
+
+error:
+ giterr_set(GITERR_NET, "could not initialize openssl: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ SSL_CTX_free(git__ssl_ctx);
+ git__ssl_ctx = NULL;
+ return -1;
 }
 #if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API) |
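Review bot: The shared `error:` label formats `ERR_get_error()` for every failure, including `init_bio_method() < 0`, which is not an OpenSSL call and may leave the OpenSSL error queue empty (its body is outside this hunk, so this is inferred). In that case the code is 0, the reported reason is meaningless, and any error the helper set itself is overwritten. I would read the code once and report it only when present: `unsigned long e = ERR_get_error();` then `if (e) giterr_set(GITERR_NET, "could not initialize openssl: %s", ERR_error_string(e, NULL));`. Following that with `ERR_clear_error();` would also drop any further queued entries, so a later `SSL_get_error()` on this thread does not misread them. `git_openssl_stream_global_init` begins above the hunk, so where `e` would be declared is not visible here.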