Merge pull request #4710 from pks-t/pks/ssl-init-errors streams: report OpenSSL errors if global init fails
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 8a1befc..7fd810a 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -218,39 +218,34 @@ int git_openssl_stream_global_init(void)
* compatibility. We then disable SSL so we only allow OpenSSL
* to speak TLSv1 to perform the encryption itself.
*/
- git__ssl_ctx = SSL_CTX_new(SSLv23_method());
- if (!git__ssl_ctx) {
- return -1;
- }
+ if (!(git__ssl_ctx = SSL_CTX_new(SSLv23_method())))
+ goto error;
SSL_CTX_set_options(git__ssl_ctx, ssl_opts);
SSL_CTX_set_mode(git__ssl_ctx, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(git__ssl_ctx, SSL_VERIFY_NONE, NULL);
- if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (!SSL_CTX_set_default_verify_paths(git__ssl_ctx))
+ goto error;
- if (!ciphers) {
+ if (!ciphers)
ciphers = GIT_SSL_DEFAULT_CIPHERS;
- }
- if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers)) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if(!SSL_CTX_set_cipher_list(git__ssl_ctx, ciphers))
+ goto error;
- if (init_bio_method() < 0) {
- SSL_CTX_free(git__ssl_ctx);
- git__ssl_ctx = NULL;
- return -1;
- }
+ if (init_bio_method() < 0)
+ goto error;
git__on_shutdown(shutdown_ssl);
return 0;
+
+error:
+ giterr_set(GITERR_NET, "could not initialize openssl: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+ SSL_CTX_free(git__ssl_ctx);
+ git__ssl_ctx = NULL;
+ return -1;
}
#if defined(GIT_THREADS) && defined(OPENSSL_LEGACY_API)