authorIwan Timmer <irtimmer@gmail.com>2019-06-17 22:33:50 +0200
committerIwan Timmer <irtimmer@gmail.com>2019-06-18 19:16:36 +0200
commit71a681ae50175a569bf832d2615fd11994c41d73 (patch)
tree0d55c735f7a654a03600203b8c9f92083a1b7ec1
parente22c5b20641e3ce6cd029cb40e3f4ed1330493bf (diff)
downloadsystemd-71a681ae50175a569bf832d2615fd11994c41d73.tar.gz
resolved: add missing error code check when initializing DNS-over-TLS
-rw-r--r--src/resolve/resolved-dnstls-gnutls.c9
-rw-r--r--src/resolve/resolved-dnstls-openssl.c14
-rw-r--r--src/resolve/resolved-dnstls.h2
-rw-r--r--src/resolve/resolved-manager.c4
4 files changed, 18 insertions, 11 deletions
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index 7defd119a4..d824d6ca5a 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -194,14 +194,15 @@ void dnstls_server_free(DnsServer *server) {
gnutls_free(server->dnstls_data.session_data.data);
}
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
int r;
assert(manager);
- gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
- r = gnutls_certificate_set_x509_trust_file(manager->dnstls_data.cert_cred, manager->trusted_certificate_file, GNUTLS_X509_FMT_PEM);
+ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
if (r < 0)
- log_error("Failed to load trusted certificate file %s: %s", manager->trusted_certificate_file, gnutls_strerror(r));
+ return -ENOMEM;
+
+ return 0;
}
void dnstls_manager_free(Manager *manager) {
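Review bot: The new dnstls_manager_init() drops the gnutls_certificate_set_x509_trust_file() call, so nothing in this hunk loads trust anchors into `cert_cred` any more, and the commit title mentions only the error check. If these credentials are later used to verify the server certificate, confirm that a trust store is loaded somewhere outside this hunk; otherwise verification has no roots to check against. The GnuTLS error is also collapsed to -ENOMEM with no message, so a line such as `log_debug("Failed to allocate GnuTLS credentials: %s", gnutls_strerror(r));` before the return would keep the original cause visible.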
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 6b2e1b218f..22d579a7f7 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -344,17 +344,21 @@ void dnstls_server_free(DnsServer *server) {
SSL_SESSION_free(server->dnstls_data.session);
}
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
int r;
assert(manager);
ERR_load_crypto_strings();
SSL_load_error_strings();
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
- if (manager->dnstls_data.ctx) {
- SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
- SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
- }
+
+ if (!manager->dnstls_data.ctx)
+ return -ENOMEM;
+
+ SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
+ return 0;
}
void dnstls_manager_free(Manager *manager) {
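Review bot: The return value of SSL_CTX_set_min_proto_version() is still ignored on the new side, so if the call fails the context keeps the library's default minimum and the TLS 1.2 floor is silently not enforced. Since the function now reports errors, this call can be checked as well, using the `r` that is already declared and otherwise unused in the visible body: `r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);` followed by `if (r == 0) return -EIO;`. Whether the context is freed on that path depends on the caller invoking dnstls_manager_free(), which is not visible here.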
diff --git a/src/resolve/resolved-dnstls.h b/src/resolve/resolved-dnstls.h
index b01de2d9d2..2212821bdf 100644
--- a/src/resolve/resolved-dnstls.h
+++ b/src/resolve/resolved-dnstls.h
@@ -31,5 +31,5 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count);
void dnstls_server_free(DnsServer *server);
-void dnstls_manager_init(Manager *manager);
+int dnstls_manager_init(Manager *manager);
void dnstls_manager_free(Manager *manager);
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 433d50cc2b..02153b929f 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -598,7 +598,9 @@ int manager_new(Manager **ret) {
log_warning_errno(r, "Failed to parse configuration file: %m");
#if ENABLE_DNS_OVER_TLS
- dnstls_manager_init(m);
+ r = dnstls_manager_init(m);
+ if (r < 0)
+ return r;
#endif
r = sd_event_default(&m->event);
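Review bot: The new `return r;` fails manager_new() without any message, and on the new side neither backend's dnstls_manager_init() logs either (the GnuTLS variant lost its log_error in this commit). Unless a caller outside this hunk reports the error with enough context, a startup failure would not say that DNS-over-TLS initialisation was the cause. Consider `return log_error_errno(r, "Failed to initialize DNS-over-TLS: %m");` here. manager_new()'s body starts and ends outside the hunk.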