
Commit 6cbf375

tls: check result of SSL_CTX_set_*_proto_version
These functions generally should not fail, but we also shouldn't ignore potential failures entirely since security properties of the application might depend on successful configuration. This also is consistent with the existing CHECKs in SetMinProto() and SetMaxProto().
1 parent d302537 commit 6cbf375

1 file changed

+2
-2
lines changed

src/crypto/crypto_context.cc

@@ -540,8 +540,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
540540
SSL_SESS_CACHE_NO_INTERNAL |
541541
SSL_SESS_CACHE_NO_AUTO_CLEAR);
542542

543-
SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version);
544-
SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version);
543+
CHECK(SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version));
544+
CHECK(SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version));
545545

546546
// OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
547547
// exposed in the public API. To retain compatibility, install a callback
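
Review bot: CHECK on new lines 543 and 544 turns a failed SSL_CTX_set_min_proto_version or SSL_CTX_set_max_proto_version call into a process abort, which is only acceptable if min_version and max_version can never hold a value the TLS library rejects. The hunk does not show where those two values come from, and SecureContext::Init takes caller-supplied args, so please confirm they are validated before this point; if an unvalidated value can reach these calls, report the failure to JavaScript as an error rather than aborting. A short comment above the two lines would also help: both functions return 1 on success and 0 on failure, and the abort is deliberate because continuing with an unapplied bound could leave protocol versions enabled that the caller meant to exclude.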
