Check return value of tls_config_set_protocols(3) and bail out in case of

failure

Feedback and OK jsing@

2 files changed, 8 insertions, 4 deletions

diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index 3e361a857df..86a97ebed1b 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: spamd.c,v 1.146 2016/11/08 09:31:55 mestre Exp $	*/
+/*	$OpenBSD: spamd.c,v 1.147 2016/11/30 07:54:36 mestre Exp $	*/
 
 /*
  * Copyright (c) 2015 Henning Brauer <henning@openbsd.org>
@@ -455,7 +455,8 @@ spamd_tls_init()
 	if ((tlsctx = tls_server()) == NULL)
 		errx(1, "failed to get tls server");
 
-	tls_config_set_protocols(tlscfg, TLS_PROTOCOLS_ALL);
+	if (tls_config_set_protocols(tlscfg, TLS_PROTOCOLS_ALL) != 0)
+		errx(1, "failed to set tls protocols");
 
 	/* might need user-specified ciphers, tls_config_set_ciphers */
 	if (tls_config_set_ciphers(tlscfg, "all") != 0)
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 99de864a88b..94e83c10f07 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.111 2016/11/06 13:16:50 jsing Exp $	*/
+/*	$OpenBSD: main.c,v 1.112 2016/11/30 07:55:24 mestre Exp $	*/
 /*	$NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $	*/
 
 /*
@@ -251,7 +251,10 @@ main(volatile int argc, char *argv[])
 		tls_config = tls_config_new();
 		if (tls_config == NULL)
 			errx(1, "tls config failed");
-		tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL);
+		if (tls_config_set_protocols(tls_config,
+		    TLS_PROTOCOLS_ALL) != 0)
+			errx(1, "tls set protocols failed: %s",
+			    tls_config_error(tls_config));
 		if (tls_config_set_ciphers(tls_config, "legacy") != 0)
 			errx(1, "tls set ciphers failed: %s",
 			    tls_config_error(tls_config));