author | 2015-02-22 14:59:37 +0000 | |
---|---|---|
committer | 2015-02-22 14:59:37 +0000 | |
commit | 1d9579ef9467d0fe39ed53d62fc754ffe7b8e027 (patch) | |
tree | 1af904c16a4923b4999d74d9337fb98bc00d5c7f /lib/libtls | |
parent | Set the TLS ciphers to "compat" mode, restoring the previous behaviour. (diff) | |
Check return values when setting dheparams and ecdhecurve for the default
configuration.
Diffstat (limited to 'lib/libtls')
-rw-r--r-- | lib/libtls/tls_config.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 80242861c7b..0b0a8120a43 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.7 2015/02/22 14:50:41 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.8 2015/02/22 14:59:37 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -68,22 +68,25 @@ tls_config_new(void)
 /*
 * Default configuration.
 */
- if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
- tls_config_free(config);
- return (NULL);
- }
- tls_config_set_dheparams(config, "none");
- tls_config_set_ecdhecurve(config, "auto");
- if (tls_config_set_ciphers(config, "secure") != 0) {
- tls_config_free(config);
- return (NULL);
- }
+ if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0)
+ goto err;
+ if (tls_config_set_dheparams(config, "none") != 0)
+ goto err;
+ if (tls_config_set_ecdhecurve(config, "auto") != 0)
+ goto err;
+ if (tls_config_set_ciphers(config, "secure") != 0)
+ goto err;
+
 tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
 tls_config_set_verify_depth(config, 6);
 tls_config_verify(config);
 return (config);
+
+err:
+ tls_config_free(config);
+ return (NULL);
 } void |
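Review bot: The four defaults that can now fail the constructor in tls_config_new() are security-relevant, yet they are still introduced only by the bare `Default configuration.` comment, so a reader cannot tell what `"none"`, `"auto"` and `"secure"` select or that any setter failure makes the function return NULL. I would extend that comment to something like `/* Defaults: system CA file, DHE "none", ECDHE curve "auto", "secure" ciphers; any setter failure frees config and returns NULL. */`. The three calls after the checked block (tls_config_set_protocols, tls_config_set_verify_depth, tls_config_verify) remain unchecked; presumably they cannot fail, but that is not visible in this hunk and deserves a word in the same comment. The function starts before the hunk, so the allocation of `config` and its own failure path are not shown here.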