Always apply all configuration settings from the ssl section

Even if some configuration entry is incorrect, do not
skip the remaining ones.

Fixes #20789

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23048)
This commit is contained in:
Tomas Mraz 2023-12-14 16:26:21 +01:00
parent 5ccd4dec6f
commit 69c067ffbc

View File

@ -24,7 +24,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
SSL_CONF_CTX *cctx = NULL;
size_t i, idx, cmd_count;
int rv = 0;
int err = 1;
unsigned int flags;
const SSL_METHOD *meth;
const SSL_CONF_CMD *cmds;
@ -66,8 +66,10 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
flags |= SSL_CONF_FLAG_CLIENT;
SSL_CONF_CTX_set_flags(cctx, flags);
prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
err = 0;
for (i = 0; i < cmd_count; i++) {
char *cmdstr, *arg;
int rv;
conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
rv = SSL_CONF_cmd(cctx, cmdstr, arg);
@ -76,14 +78,15 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
ERR_raise_data(ERR_LIB_SSL, errcode,
"section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
goto err;
++err;
}
}
rv = SSL_CONF_CTX_finish(cctx);
if (!SSL_CONF_CTX_finish(cctx))
++err;
err:
OSSL_LIB_CTX_set0_default(prev_libctx);
SSL_CONF_CTX_free(cctx);
return rv <= 0 ? 0 : 1;
return err == 0;
}
int SSL_config(SSL *s, const char *name)