gtls: check return code for gnutls_alpn_set_protocols

author Daniel Stenberg <daniel@haxx.se>

Sat, 25 Dec 2021 20:48:38 +0000 (21:48 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Sun, 26 Dec 2021 10:28:23 +0000 (11:28 +0100)
author Daniel Stenberg <daniel@haxx.se>
Sat, 25 Dec 2021 20:48:38 +0000 (21:48 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Sun, 26 Dec 2021 10:28:23 +0000 (11:28 +0100)
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c

index 2053fd439daeb3d56b5ca882ec799efdf2b0e48d..3d7c29ebd65b6d4faf870c6737f1d8ac631559ab 100644 (file)
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -497,6 +497,7 @@ gtls_connect_step1(struct Curl_easy *data,
    /* use system ca certificate store as fallback */
    if(SSL_CONN_CONFIG(verifypeer) &&
       !(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath))) {
+    /* this ignores errors on purpose */
      gnutls_certificate_set_x509_system_trust(backend->cred);
    }
  #endif
@@ -631,7 +632,10 @@ gtls_connect_step1(struct Curl_easy *data,
      cur++;
      infof(data, "ALPN, offering %s", ALPN_HTTP_1_1);
  
-    gnutls_alpn_set_protocols(session, protocols, cur, 0);
+    if(gnutls_alpn_set_protocols(session, protocols, cur, 0)) {
+      failf(data, "failed setting ALPN");
+      return CURLE_SSL_CONNECT_ERROR;
+    }
    }
  
    if(SSL_SET_OPTION(primary.clientcert)) {
author	Daniel Stenberg <daniel@haxx.se>
	Sat, 25 Dec 2021 20:48:38 +0000 (21:48 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Sun, 26 Dec 2021 10:28:23 +0000 (11:28 +0100)