mirror of
https://github.com/openssl/openssl.git
synced 2025-03-07 19:38:33 +08:00
Always apply all configuration settings from the ssl section
Even if some configuration entry is incorrect, do not skip the remaining ones. Fixes #20789 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/23048)
This commit is contained in:
parent
5ccd4dec6f
commit
69c067ffbc
@ -24,7 +24,7 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
|
||||
{
|
||||
SSL_CONF_CTX *cctx = NULL;
|
||||
size_t i, idx, cmd_count;
|
||||
int rv = 0;
|
||||
int err = 1;
|
||||
unsigned int flags;
|
||||
const SSL_METHOD *meth;
|
||||
const SSL_CONF_CMD *cmds;
|
||||
@ -66,8 +66,10 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
|
||||
flags |= SSL_CONF_FLAG_CLIENT;
|
||||
SSL_CONF_CTX_set_flags(cctx, flags);
|
||||
prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
|
||||
err = 0;
|
||||
for (i = 0; i < cmd_count; i++) {
|
||||
char *cmdstr, *arg;
|
||||
int rv;
|
||||
|
||||
conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
|
||||
rv = SSL_CONF_cmd(cctx, cmdstr, arg);
|
||||
@ -76,14 +78,15 @@ static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
|
||||
|
||||
ERR_raise_data(ERR_LIB_SSL, errcode,
|
||||
"section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
|
||||
goto err;
|
||||
++err;
|
||||
}
|
||||
}
|
||||
rv = SSL_CONF_CTX_finish(cctx);
|
||||
if (!SSL_CONF_CTX_finish(cctx))
|
||||
++err;
|
||||
err:
|
||||
OSSL_LIB_CTX_set0_default(prev_libctx);
|
||||
SSL_CONF_CTX_free(cctx);
|
||||
return rv <= 0 ? 0 : 1;
|
||||
return err == 0;
|
||||
}
|
||||
|
||||
int SSL_config(SSL *s, const char *name)
|
||||
|
Loading…
Reference in New Issue
Block a user