[Spice-devel] [PATCH 3/7] reds: report SSL initialization errors

Christophe Fergeau cfergeau at redhat.com
Wed Sep 12 07:17:57 PDT 2012


Errors occurring in reds_init_ssl used to be fatal through the use
of spice_error, but this was downgraded to non-fatal spice_warning
calls recently. This means we no longer error out when invalid SSL
parameters (certificates, ...) are passed by the user.
This commit changes the return type of reds_init_ssl from void to int so
that errors can be reported to the caller.
---
 server/reds.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/reds.c b/server/reds.c
index 202d9c3..0cd3f40 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3227,7 +3227,7 @@ static void openssl_thread_setup(void)
     CRYPTO_set_locking_callback(pthreads_locking_callback);
 }
 
-static void reds_init_ssl(void)
+static int reds_init_ssl(void)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
     const SSL_METHOD *ssl_method;
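Review bot: Nothing in this patch consumes the new `int` result of `reds_init_ssl`. The diffstat's 7 insertions and 1 deletion are all inside the function, so the call site still discards the value and a server started with a bad certificate, key or CA file keeps running as before. Presumably a later patch in the series adds the check; the caller should fail closed with something like `if (reds_init_ssl() < 0) goto err;` (the label name is a placeholder) before any listener that relies on `reds->ctx` is used. The return convention also deserves a comment above the signature, e.g. `/* Returns 0 on success, -1 if the SSL context, certificates, private key or CA file could not be set up. */`. The function body continues outside this hunk.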
@@ -3246,6 +3246,7 @@ static void reds_init_ssl(void)
     reds->ctx = SSL_CTX_new(ssl_method);
     if (!reds->ctx) {
         spice_warning("Could not allocate new SSL context");
+        return -1;
     }
 
     /* Limit connection to TLSv1 only */
@@ -3260,6 +3261,7 @@ static void reds_init_ssl(void)
         spice_info("Loaded certificates from %s", ssl_parameters.certs_file);
     } else {
         spice_warning("Could not load certificates from %s", ssl_parameters.certs_file);
+        return -1;
     }
 
     SSL_CTX_set_default_passwd_cb(reds->ctx, ssl_password_cb);
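Review bot: The `return -1` added in the certificate-load failure branch leaves `reds->ctx` allocated and only partly configured, because the context created by `SSL_CTX_new` earlier in the function is never released on this path. The same applies to the early returns added in the private-key and CA-file branches in the next two hunks. If the caller treats -1 as fatal and exits, this is harmless, but that is not visible here, and a later code path that finds a non-NULL `reds->ctx` could use a context with no key or trust store loaded. Releasing it before returning avoids that: `SSL_CTX_free(reds->ctx); reds->ctx = NULL;`, ideally behind a single error label so the two lines are not repeated three times. The function starts and ends outside this hunk.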
@@ -3270,6 +3272,7 @@ static void reds_init_ssl(void)
         spice_info("Using private key from %s", ssl_parameters.private_key_file);
     } else {
         spice_warning("Could not use private key file");
+        return -1;
     }
 
     /* Load the CAs we trust*/
@@ -3278,6 +3281,7 @@ static void reds_init_ssl(void)
         spice_info("Loaded CA certificates from %s", ssl_parameters.ca_certificate_file);
     } else {
         spice_warning("Could not use CA file %s", ssl_parameters.ca_certificate_file);
+        return -1;
     }
 
 #if (OPENSSL_VERSION_NUMBER < 0x00905100L)
@@ -3299,6 +3303,8 @@ static void reds_init_ssl(void)
     STACK *cmp_stack = SSL_COMP_get_compression_methods();
     sk_zero(cmp_stack);
 #endif
+
+    return 0;
 }
 
 static void reds_exit(void)
-- 
1.7.11.4


