From 447370b6c73546db867c249a74a9f4863fddf735 Mon Sep 17 00:00:00 2001
From: Matthias Andree <matthias.andree@gmx.de>
Date: Thu, 3 Jul 2008 14:46:39 +0000
Subject: SSL fix: check and report if SSL_set_fd fails. SSL change: enable all
 workarounds with SSL_CTX_set_options(ctx,SSL_OP_ALL)

svn path=/branches/BRANCH_6-3/; revision=5214
---
 socket.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'socket.c')

diff --git a/socket.c b/socket.c
index 1af4a393..e943f8b2 100644
--- a/socket.c
+++ b/socket.c
@@ -801,7 +801,7 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
         int i;
 
 	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
+	SSLeay_add_ssl_algorithms(); /* synonym for SSL_library_init() */
 	
 #ifdef SSL_ENABLE
         if (stat("/dev/random", &randstat)  &&
@@ -851,6 +851,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
 		return(-1);
 	}
 
+	SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL);
+
 	if (certck) {
 		SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
 	} else {
@@ -901,9 +903,8 @@ int SSLOpen(int sock, char *mycert, char *mykey, char *myproto, int certck, char
         	SSL_use_RSAPrivateKey_file(_ssl_context[sock], mykey, SSL_FILETYPE_PEM);
 	}
 
-	SSL_set_fd(_ssl_context[sock], sock);
-	
-	if(SSL_connect(_ssl_context[sock]) < 1) {
+	if (SSL_set_fd(_ssl_context[sock], sock) == 0 
+	    || SSL_connect(_ssl_context[sock]) < 1) {
 		ERR_print_errors_fp(stderr);
 		SSL_CTX_free(_ctx[sock]);
 		_ctx[sock] = NULL;
-- 
cgit v1.2.3