summaryrefslogtreecommitdiff
path: root/vio
diff options
context:
space:
mode:
Diffstat (limited to 'vio')
-rw-r--r--vio/viosslfactories.c46
1 files changed, 25 insertions, 21 deletions
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index 139fdbe43f2..9a476eace71 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -61,7 +61,8 @@ ssl_error_string[] =
"Private key does not match the certificate public key",
"SSL_CTX_set_default_verify_paths failed",
"Failed to set ciphers to use",
- "SSL_CTX_new failed"
+ "SSL_CTX_new failed",
+ "SSL_CTX_set_tmp_dh failed"
};
const char*
@@ -171,16 +172,14 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
if (!(ssl_fd= ((struct st_VioSSLFd*)
my_malloc(sizeof(struct st_VioSSLFd),MYF(0)))))
- DBUG_RETURN(0);
-
+ goto err0;
if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ?
SSLv23_client_method() :
SSLv23_server_method())))
{
*error= SSL_INITERR_MEMFAIL;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err1;
}
SSL_CTX_set_options(ssl_fd->ssl_context, ssl_ctx_options);
@@ -195,9 +194,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{
*error= SSL_INITERR_CIPHERS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- SSL_CTX_free(ssl_fd->ssl_context);
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err2;
}
/* Load certs from the trusted ca */
@@ -211,9 +208,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("SSL_CTX_load_verify_locations failed : %s",
sslGetErrString(*error)));
- SSL_CTX_free(ssl_fd->ssl_context);
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err2;
}
/* otherwise go use the defaults */
@@ -221,9 +216,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
{
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- SSL_CTX_free(ssl_fd->ssl_context);
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err2;
}
}
@@ -243,9 +236,7 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
DBUG_PRINT("warning", ("X509_STORE_load_locations for CRL failed"));
*error= SSL_INITERR_BAD_PATHS;
DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
- SSL_CTX_free(ssl_fd->ssl_context);
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err2;
}
#endif
}
@@ -253,19 +244,32 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
if (vio_set_cert_stuff(ssl_fd->ssl_context, cert_file, key_file, error))
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
- SSL_CTX_free(ssl_fd->ssl_context);
- my_free(ssl_fd);
- DBUG_RETURN(0);
+ goto err2;
}
/* DH stuff */
dh=get_dh1024();
- SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh);
+ if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
+ {
+ *error= SSL_INITERR_DH;
+ goto err3;
+ }
+
DH_free(dh);
DBUG_PRINT("exit", ("OK 1"));
DBUG_RETURN(ssl_fd);
+
+err3:
+ DH_free(dh);
+err2:
+ SSL_CTX_free(ssl_fd->ssl_context);
+err1:
+ my_free(ssl_fd);
+err0:
+ DBUG_EXECUTE("error", ERR_print_errors_fp(DBUG_FILE););
+ DBUG_RETURN(0);
}