summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRicardo Mestre <mestre@cvs.openbsd.org>2016-11-21 16:36:11 +0000
committerRicardo Mestre <mestre@cvs.openbsd.org>2016-11-21 16:36:11 +0000
commita2d846b5a2de1b68235e2a8b98e78c09b4a67202 (patch)
treec11e07673b9d46c580e6ef1c35c5abb2af33b6db
parent5ffcd963ecd6d18cea2dff4143498f0334e346e6 (diff)
Check return value of tls_config_set_protocols(3) and log if it fails
OK bluhm@
-rw-r--r--usr.sbin/syslogd/syslogd.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index e8babd0b10f..91bcf8ae42d 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.c,v 1.221 2016/10/17 11:19:55 bluhm Exp $ */
+/* $OpenBSD: syslogd.c,v 1.222 2016/11/21 16:36:10 mestre Exp $ */
/*
* Copyright (c) 1983, 1988, 1993, 1994
@@ -616,7 +616,10 @@ main(int argc, char *argv[])
} else if (ClientCertfile || ClientKeyfile) {
logerrorx("options -c and -k must be used together");
}
- tls_config_set_protocols(client_config, TLS_PROTOCOLS_ALL);
+ if (tls_config_set_protocols(client_config, TLS_PROTOCOLS_ALL)
+ != 0)
+ logerrortlsconf("Set client TLS protocols failed",
+ client_config);
if (tls_config_set_ciphers(client_config, "all") != 0)
logerrortlsconf("Set client TLS ciphers failed",
client_config);
@@ -663,7 +666,10 @@ main(int argc, char *argv[])
logdebug("Server CAfile %s\n", ServerCAfile);
tls_config_verify_client(server_config);
}
- tls_config_set_protocols(server_config, TLS_PROTOCOLS_ALL);
+ if (tls_config_set_protocols(server_config, TLS_PROTOCOLS_ALL)
+ != 0)
+ logerrortlsconf("Set server TLS protocols failed",
+ server_config);
if (tls_config_set_ciphers(server_config, "compat") != 0)
logerrortlsconf("Set server TLS ciphers failed",
server_config);