- Fix unreachable code in ssl set options code.

W.C.A. Wijngaards 2020-01-10 11:28:01 +01:00
parent a8db52120b
commit e149bc7046
4 changed files with 9 additions and 0 deletions


@ -1,6 +1,7 @@
10 January 2020: Wouter 10 January 2020: Wouter
- Fix the relationship between serve-expired and prefetch options, - Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64. patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
8 January 2020: Ralph 8 January 2020: Ralph
- Fix #138: stop binding pidfile inside chroot dir in systemd service - Fix #138: stop binding pidfile inside chroot dir in systemd service


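--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -493,9 +493,11 @@ setup_ctx(struct config_file* cfg)
 ctx = SSL_CTX_new(SSLv23_client_method());
 if(!ctx)
 ssl_err("could not allocate SSL_CTX pointer");
+#if SSL_OP_NO_SSLv2 != 0
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 != SSL_OP_NO_SSLv2)
 ssl_err("could not set SSL_OP_NO_SSLv2");
+#endif
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 != SSL_OP_NO_SSLv3)
 ssl_err("could not set SSL_OP_NO_SSLv3");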
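Review bot: The new `#if SSL_OP_NO_SSLv2 != 0` guard carries no comment saying why it exists, so a later reader sees a preprocessor test on an option bit with nothing explaining that libraries which dropped SSLv2 define the constant as zero, which makes the set-and-verify `!= SSL_OP_NO_SSLv2` test on the following lines permanently false — the unreachable code the commit title refers to. I would put `/* SSL_OP_NO_SSLv2 is 0 in libraries that no longer ship SSLv2; the set-and-verify below is unreachable then */` above the `#if`; the same applies to the identical guards in the setup_ctx(char* key, char* cert), listen_sslctx_setup and connect_sslctx_create hunks. Skipping the disable when the constant is zero is safe only because zero means the library has no SSLv2 to turn off, and the SSLv3 disable correctly stays unconditional. One caveat worth recording: `#if` can only evaluate a constant that expands to a plain integer literal, so should a library ever define the constant through a cast expression the guard would fail to preprocess rather than evaluate to zero. setup_ctx begins before and continues after this hunk.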


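--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -234,7 +234,9 @@ setup_ctx(char* key, char* cert)
 {
 SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
 if(!ctx) print_exit("out of memory");
+#if SSL_OP_NO_SSLv2 != 0
 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+#endif
 (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
 print_exit("cannot read cert");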
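Review bot: The `(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);` line, and the SSLv2 one now inside the new `#if`, discard the return value, so unlike the other three sites in this commit a failure to disable SSLv3 goes unnoticed here and the context is used with the protocol still allowed. Consistent with the rest of the change would be `if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) print_exit("could not set SSL_OP_NO_SSLv3");`, and the same form for the SSLv2 line inside the guard. This is pre-existing rather than introduced by the commit; the surrounding `print_exit` calls suggest a utility or test program where a hard exit on failure is already the established pattern, so the check would fit. setup_ctx continues past the end of this hunk.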


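--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -728,11 +728,13 @@ listen_sslctx_setup(void* ctxt)
 #ifdef HAVE_SSL
 SSL_CTX* ctx = (SSL_CTX*)ctxt;
 /* no SSLv2, SSLv3 because has defects */
+#if SSL_OP_NO_SSLv2 != 0
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 != SSL_OP_NO_SSLv2){
 log_crypto_err("could not set SSL_OP_NO_SSLv2");
 return 0;
 }
+#endif
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 != SSL_OP_NO_SSLv3){
 log_crypto_err("could not set SSL_OP_NO_SSLv3");
@@ -968,12 +970,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
 log_crypto_err("could not allocate SSL_CTX pointer");
 return NULL;
 }
+#if SSL_OP_NO_SSLv2 != 0
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 != SSL_OP_NO_SSLv2) {
 log_crypto_err("could not set SSL_OP_NO_SSLv2");
 SSL_CTX_free(ctx);
 return NULL;
 }
+#endif
 if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 != SSL_OP_NO_SSLv3) {
 log_crypto_err("could not set SSL_OP_NO_SSLv3");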