From bcc9f6752eb3811a0a364501a17ba0dfd10a513e Mon Sep 17 00:00:00 2001
From: Alexander Vdolainen
Date: Mon, 21 May 2018 13:57:30 +0300
Subject: [PATCH] [core] bugfix: fixed behavior on accept call leads to weird errors in case of incorrect X.509 certificates;
---
 lib/hub.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)
diff --git a/lib/hub.c b/lib/hub.c
index 944173d..dbc0060 100644
--- a/lib/hub.c
+++ b/lib/hub.c
@@ -809,7 +809,9 @@ int _sxhub_settls_ctx(sxhub_t *hub, const char *crtfile)
 int _sxhub_settls_ctx_s(sxhub_t *hub)
 {
- if(hub->ctx) return SXE_SUCCESS;
+ int r = SXE_SUCCESS;
+
+ if(hub->ctx) return r;
 /* init SSL certificates and context */
 if(!(hub->ctx = SSL_CTX_new(TLSv1_2_server_method()))) return SXE_ENOMEM;
@@ -828,11 +830,23 @@ int _sxhub_settls_ctx_s(sxhub_t *hub)
 SSL_CTX_load_verify_locations(hub->ctx, hub->rootca, NULL);
 /* set the local certificate from CertFile */
- if(SSL_CTX_use_certificate_file(hub->ctx, hub->certpem, SSL_FILETYPE_PEM) <= 0) return SXE_ESSL;
+ if(SSL_CTX_use_certificate_file(hub->ctx, hub->certpem, SSL_FILETYPE_PEM) <= 0) {
+ r = SXE_ESSL;
+ goto __finish;
+ }
 /* set the private key from KeyFile (may be the same as CertFile) */
- if(SSL_CTX_use_PrivateKey_file(hub->ctx, hub->certkey, SSL_FILETYPE_PEM) <= 0) return SXE_ESSL;
+ if(SSL_CTX_use_PrivateKey_file(hub->ctx, hub->certkey, SSL_FILETYPE_PEM) <= 0) {
+ r = SXE_ESSL;
+ goto __finish;
+ }
 /* verify private key */
- if (!SSL_CTX_check_private_key(hub->ctx)) return SXE_ESSL;
+ if (!SSL_CTX_check_private_key(hub->ctx)) r = SXE_ESSL;
- return SXE_SUCCESS;
+ __finish:
+ if(r != SXE_SUCCESS) {
+ SSL_CTX_free(hub->ctx);
+ hub->ctx = NULL;
+ }
+
+ return r;
 }
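Review bot: The result of `SSL_CTX_load_verify_locations(hub->ctx, hub->rootca, NULL)` on the first context line of the second hunk is still ignored, so a missing or unreadable root CA file yields a context without those trust anchors while `_sxhub_settls_ctx_s` reports `SXE_SUCCESS`. Since this commit introduces the `__finish` cleanup path, that call should go through it too: `if(SSL_CTX_load_verify_locations(hub->ctx, hub->rootca, NULL) != 1) { r = SXE_ESSL; goto __finish; }`. The lines between the two hunks are not shown; any early `return` there after `SSL_CTX_new` succeeds would presumably still leave a half-configured `hub->ctx` that the `if(hub->ctx) return r;` guard accepts as ready on the next call, so those paths are worth confirming against the same cleanup. On style, `__finish` is a double-underscore identifier, which C reserves for the implementation; a plain `finish` or `out` label avoids that.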