mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 20:03:13 +02:00
Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
In the corner case that the global OpenSSL has an invalid command like MinProtocol = TLSv1.0 (due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct) the SSL_ctx_new function leaves the errors for parsing the config file on the stack.

    OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value

Since the later functions, especially the one of loading the certificates expected a clean error this error got reported at the wrong place.

Print the warnings with crypto_msg when we detect that we are in this situation (this also clears the stack).

Debian Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958296
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20200421101122.24284-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19802.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
parent
c40679fbb0
commit
75aa88af77
@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
|
||||
{
|
||||
crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
|
||||
}
|
||||
if (ERR_peek_error() != 0)
|
||||
{
|
||||
crypto_msg(M_WARN, "Warning: TLS server context initialisation "
|
||||
"has warnings.");
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
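Review bot: The new `if (ERR_peek_error() != 0)` block in tls_ctx_server_new depends on crypto_msg(M_WARN, ...) draining the OpenSSL error queue, but nothing in the code says so; only the commit message does. A one-line comment above the check, stating that the call is there to print and clear errors left behind by SSL_CTX_new (for example from a bad value in the global OpenSSL configuration), would stop a later cleanup from reducing it to a plain log call and reintroducing the misattributed certificate-loading error. The message text could also name the likely source: "Warning: ... has warnings." repeats itself and does not tell the operator to look at the OpenSSL config file.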
@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
|
||||
{
|
||||
crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
|
||||
}
|
||||
if (ERR_peek_error() != 0)
|
||||
{
|
||||
crypto_msg(M_WARN, "Warning: TLS client context initialisation "
|
||||
"has warnings.");
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
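Review bot: The check added to tls_ctx_client_new is a line-for-line copy of the one in tls_ctx_server_new, differing only in the word "client" in the message. Consider a small static helper that takes the role string and performs the ERR_peek_error() test and the crypto_msg(M_WARN, ...) call, so both constructors stay in step if the wording or the handling changes. Note also that ERR_peek_error() reports anything already sitting on the queue, so if an earlier call left an entry before this function ran, it would be logged here as a context initialisation warning; if that can happen, clearing the queue before SSL_CTX_new would keep the attribution accurate.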