From eb3d227d61b969eafdc7dbde310e59e4dc069bd7 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Sun, 24 Apr 2016 08:42:32 +0200 Subject: [PATCH] lib/fetch: check that SSL_CTX_new() does not fail and print its errors (#170). Thanks @ebfe. --- lib/fetch/common.c | 8 ++++++-- lib/fetch/common.h | 5 ----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/lib/fetch/common.c b/lib/fetch/common.c index 8122c2e0..2c7fc4f2 100644 --- a/lib/fetch/common.c +++ b/lib/fetch/common.c @@ -963,8 +963,12 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose) (void)pthread_once(&ssl_init_once, ssl_init); - conn->ssl_meth = SSLv23_client_method(); - conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); + conn->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + if (conn->ssl_ctx == NULL) { + fprintf(stderr, "failed to create SSL context\n"); + ERR_print_errors_fp(stderr); + return -1; + } SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); fetch_ssl_setup_transport_layer(conn->ssl_ctx, verbose); diff --git a/lib/fetch/common.h b/lib/fetch/common.h index 4c261577..09a5d6b1 100644 --- a/lib/fetch/common.h +++ b/lib/fetch/common.h @@ -73,11 +73,6 @@ struct fetchconn { SSL *ssl; /* SSL handle */ SSL_CTX *ssl_ctx; /* SSL context */ X509 *ssl_cert; /* server certificate */ -# if OPENSSL_VERSION_NUMBER < 0x00909000L - SSL_METHOD *ssl_meth; /* SSL method */ -# else - const SSL_METHOD *ssl_meth; /* SSL method */ -# endif #endif char *ftp_home;