diff options
author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2016-11-21 16:36:11 +0000 |
---|---|---|
committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2016-11-21 16:36:11 +0000 |
commit | a2d846b5a2de1b68235e2a8b98e78c09b4a67202 (patch) | |
tree | c11e07673b9d46c580e6ef1c35c5abb2af33b6db | |
parent | 5ffcd963ecd6d18cea2dff4143498f0334e346e6 (diff) |
Check return value of tls_config_set_protocols(3) and log if it fails
OK bluhm@
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c index e8babd0b10f..91bcf8ae42d 100644 --- a/usr.sbin/syslogd/syslogd.c +++ b/usr.sbin/syslogd/syslogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syslogd.c,v 1.221 2016/10/17 11:19:55 bluhm Exp $ */ +/* $OpenBSD: syslogd.c,v 1.222 2016/11/21 16:36:10 mestre Exp $ */ /* * Copyright (c) 1983, 1988, 1993, 1994 @@ -616,7 +616,10 @@ main(int argc, char *argv[]) } else if (ClientCertfile || ClientKeyfile) { logerrorx("options -c and -k must be used together"); } - tls_config_set_protocols(client_config, TLS_PROTOCOLS_ALL); + if (tls_config_set_protocols(client_config, TLS_PROTOCOLS_ALL) + != 0) + logerrortlsconf("Set client TLS protocols failed", + client_config); if (tls_config_set_ciphers(client_config, "all") != 0) logerrortlsconf("Set client TLS ciphers failed", client_config); @@ -663,7 +666,10 @@ main(int argc, char *argv[]) logdebug("Server CAfile %s\n", ServerCAfile); tls_config_verify_client(server_config); } - tls_config_set_protocols(server_config, TLS_PROTOCOLS_ALL); + if (tls_config_set_protocols(server_config, TLS_PROTOCOLS_ALL) + != 0) + logerrortlsconf("Set server TLS protocols failed", + server_config); if (tls_config_set_ciphers(server_config, "compat") != 0) logerrortlsconf("Set server TLS ciphers failed", server_config); |