gtls: check return code for gnutls_alpn_set_protocolsbagder/gtls-return-check

author: Daniel Stenberg <daniel@haxx.se> 2021-12-25 21:48:38 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2021-12-25 21:48:38 +0100
commit: 4c9d3861ef9921bff73b9bd20e01d9ba9a72a2ab (patch)
tree: 45a03de43c5f6dc398d94433d67caf007926d4c4
parent: d4492b6d125d31ef5c74e4deb6786896606b70cc (diff)
download: curl-bagder/gtls-return-check.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 2053fd439..3d7c29ebd 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -497,6 +497,7 @@ gtls_connect_step1(struct Curl_easy *data,
   /* use system ca certificate store as fallback */
   if(SSL_CONN_CONFIG(verifypeer) &&
      !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
+    /* this ignores errors on purpose */
     gnutls_certificate_set_x509_system_trust(backend->cred);
   }
 #endif
@@ -631,7 +632,10 @@ gtls_connect_step1(struct Curl_easy *data,
     cur++;
     infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
 
-    gnutls_alpn_set_protocols(session, protocols, cur, 0);
+    if(gnutls_alpn_set_protocols(session, protocols, cur, 0)) {
+      failf(data, "failed setting ALPN");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
   }
 
   if(SSL_SET_OPTION(primary.clientcert)) {
author	Daniel Stenberg <daniel@haxx.se>	2021-12-25 21:48:38 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2021-12-25 21:48:38 +0100
commit	4c9d3861ef9921bff73b9bd20e01d9ba9a72a2ab (patch)
tree	45a03de43c5f6dc398d94433d67caf007926d4c4
parent	d4492b6d125d31ef5c74e4deb6786896606b70cc (diff)
download	curl-bagder/gtls-return-check.tar.gz