author | Patrick Steinhardt <ps@pks.im> | 2018-06-29 13:35:14 +0200 |
---|---|---|
committer | Patrick Steinhardt <ps@pks.im> | 2018-07-06 10:41:22 +0200 |
commit | 75395c871d24027da4b4fe8e1532931db018aa50 (patch) | |
tree | 236ed23c5e5ecea44c01647009c6b7b1cd9e657c | |
parent | 01574d4061a6dbaef0f8a887010cba3e9b62b87d (diff) | |
streams: report OpenSSL errors if global init fails
When the global initialization of the OpenSSL stream fails, the
user is left without any hint as to what went wrong as we do not provide
any error message at all. This commit refactors the init function to
have a common error path, which now also sets an error message including
the error string provided by OpenSSL.
-rw-r--r-- | src/streams/openssl.c | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 8a1befc21..7fd810aeb 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -218,39 +218,34 @@ int git_openssl_stream_global_init(void)
 * compatibility. We then disable SSL so we only allow OpenSSL
 * to speak TLSv1 to perform the encryption itself.
 */
- git__ssl_ctx = SSL_CTX_new(SSLv23_method());
- if (!git__ssl_ctx) {
- return -1;
- }
+ if (!(git__ssl_ctx = SSL_CTX_new(SSLv23_method())))
+ goto error;
 SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
 SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
 SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
- if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx))
+ goto error;
- if (!ciphers) {
+ if (!ciphers)
 ciphers = GIT_SSL_DEFAULT_CIPHERS;
- }
- if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers))
+ goto error;
- if (init_bio_method() < 0) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (init_bio_method() < 0)
+ goto error;
 git__on_shutdown(shutdown_ssl);
 return 0;
+
+error:
+ giterr_set(GITERR_NET, "could not initialize openssl: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ SSL_CTX_free(git__ssl_ctx);
+ git__ssl_ctx = NULL;
+ return -1;
 }
 #if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API) |
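Review bot: The shared `error:` label builds its message with `ERR_error_string(ERR_get_error(), NULL)`, which has two weak spots. With a NULL buffer OpenSSL formats into a static buffer, which is not thread-safe; a local buffer avoids that: declare `char errbuf[256];`, call `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` and pass `errbuf` to `giterr_set`. The label is also reached from `init_bio_method() < 0`, whose body is not in this hunk; if that path can fail without queuing an OpenSSL error, `ERR_get_error()` returns 0 and the message carries no usable reason, so a fallback text for the zero case would help. The function starts above the hunk, so whether the error queue is clean on entry (no stale entry reported instead of the real cause) cannot be confirmed from here.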