BUG/MINOR: ssl: returns when SSL_CTX_new failed during init

In ssl_sock_initial_ctx(), returns when SSL_CTX_new() failed instead of
trying to apply anything on the ctx. This may avoid crashing when
there's not enough memory anymore during configuration parsing.

Could be backported to every haproxy version.
William Lallemand 2025-10-22 17:56:45 +02:00
parent 2f621aa52e
commit 83e3cbc262


@ -3942,6 +3942,13 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
const int default_min_ver = CONF_TLSV12; const int default_min_ver = CONF_TLSV12;
ctx = SSL_CTX_new(SSLv23_server_method()); ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) {
cfgerr += 1;
ha_alert("Proxy '%s': failed to create an SSL context for bind '%s' at [%s:%d].\n",
bind_conf->frontend->id, bind_conf->arg, bind_conf->file, bind_conf->line);
goto end;
}
bind_conf->initial_ctx = ctx; bind_conf->initial_ctx = ctx;
if (global_ssl.security_level > -1) if (global_ssl.security_level > -1)
@ -4067,6 +4074,7 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
# endif # endif
SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf); SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
#endif /* ! SSL_CTRL_SET_TLSEXT_HOSTNAME */ #endif /* ! SSL_CTRL_SET_TLSEXT_HOSTNAME */
end:
return cfgerr; return cfgerr;
} }
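Review bot: The new `if (!ctx)` branch in the first hunk jumps to `end:` before `bind_conf->initial_ctx = ctx;` runs, so on failure `initial_ctx` keeps whatever value it had on entry. The fix therefore only prevents a crash if every caller treats the non-zero return as fatal before touching `initial_ctx`; the callers are not visible here, so that is worth confirming. Adding `bind_conf->initial_ctx = NULL;` inside the branch would make the failed state explicit. The alert also gives no cause and leaves OpenSSL's error queue populated, so consider calling `ERR_clear_error();` before the `goto end;` to keep a stale entry from being attributed to a later TLS call. The function body starts before the first hunk, and the lines between the two hunks are not shown.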