[core] bugfix: fixed behavior on accept call leads to weird errors in case of incorrect X.509 certificates;

lib/hub.c

@@ -809,7 +809,9 @@ int _sxhub_settls_ctx(sxhub_t *hub, const char *crtfile)
 
 int _sxhub_settls_ctx_s(sxhub_t *hub)
 {
-  if(hub->ctx) return SXE_SUCCESS;
+  int r = SXE_SUCCESS;
+
+  if(hub->ctx) return r;
 
   /* init SSL certificates and context */
   if(!(hub->ctx = SSL_CTX_new(TLSv1_2_server_method()))) return SXE_ENOMEM;
@@ -828,11 +830,23 @@ int _sxhub_settls_ctx_s(sxhub_t *hub)
   SSL_CTX_load_verify_locations(hub->ctx, hub->rootca, NULL);
 
   /* set the local certificate from CertFile */
-  if(SSL_CTX_use_certificate_file(hub->ctx, hub->certpem, SSL_FILETYPE_PEM) <= 0) return SXE_ESSL;
+  if(SSL_CTX_use_certificate_file(hub->ctx, hub->certpem, SSL_FILETYPE_PEM) <= 0) {
+    r = SXE_ESSL;
+    goto __finish;
+  }
   /* set the private key from KeyFile (may be the same as CertFile) */
-  if(SSL_CTX_use_PrivateKey_file(hub->ctx, hub->certkey, SSL_FILETYPE_PEM) <= 0) return SXE_ESSL;
+  if(SSL_CTX_use_PrivateKey_file(hub->ctx, hub->certkey, SSL_FILETYPE_PEM) <= 0) {
+    r = SXE_ESSL;
+    goto __finish;
+  }
   /* verify private key */
-  if (!SSL_CTX_check_private_key(hub->ctx)) return SXE_ESSL;
+  if (!SSL_CTX_check_private_key(hub->ctx)) r = SXE_ESSL;
 
-  return SXE_SUCCESS;
+ __finish:
+  if(r != SXE_SUCCESS) {
+    SSL_CTX_free(hub->ctx);
+    hub->ctx = NULL;
+  }
+
+  return r;
 }