The new init functions can now fail so shouldn't be void

The new init functions can fail if the library has already been stopped. We should be able to indicate failure with a 0 return value. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 13:59:15 +00:00
parent 8bd8221be8
commit 0fc32b0718
13 changed files with 50 additions and 24 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2270,7 +2270,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        return (NULL);
    }

-    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;

    if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);