resolved: add missing error code check when initializing DNS-over-TLS
authorIwan Timmer <irtimmer@gmail.com>
Mon, 17 Jun 2019 20:33:50 +0000 (22:33 +0200)
committerIwan Timmer <irtimmer@gmail.com>
Tue, 18 Jun 2019 17:16:36 +0000 (19:16 +0200)
src/resolve/resolved-dnstls-gnutls.c
src/resolve/resolved-dnstls-openssl.c
src/resolve/resolved-dnstls.h
src/resolve/resolved-manager.c

index 7defd11..d824d6c 100644 (file)
@@ -194,14 +194,15 @@ void dnstls_server_free(DnsServer *server) {
                 gnutls_free(server->dnstls_data.session_data.data);
 }
 
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
         int r;
         assert(manager);
 
-        gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
-        r = gnutls_certificate_set_x509_trust_file(manager->dnstls_data.cert_cred, manager->trusted_certificate_file, GNUTLS_X509_FMT_PEM);
+        r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
         if (r < 0)
-                log_error("Failed to load trusted certificate file %s: %s", manager->trusted_certificate_file, gnutls_strerror(r));
+                return -ENOMEM;
+
+        return 0;
 }
 
 void dnstls_manager_free(Manager *manager) {
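Review bot: With the `gnutls_certificate_set_x509_trust_file()` call removed and nothing added in its place, `dnstls_manager_init()` leaves `cert_cred` without any trust anchors as far as this hunk shows. If server certificates are verified against these credentials elsewhere, no chain could validate, or verification would have to stay off. It is worth loading roots here, e.g. `r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);`, and logging `gnutls_strerror(r)` when that fails. Mapping every negative return to `-ENOMEM` also discards the GnuTLS error code; a one-line comment such as `/* allocation is the only expected failure here */` would make that mapping explicit.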
index 6b2e1b2..22d579a 100644 (file)
@@ -344,17 +344,21 @@ void dnstls_server_free(DnsServer *server) {
                 SSL_SESSION_free(server->dnstls_data.session);
 }
 
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
         int r;
         assert(manager);
 
         ERR_load_crypto_strings();
         SSL_load_error_strings();
         manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
-        if (manager->dnstls_data.ctx) {
-                SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
-                SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
-        }
+
+        if (!manager->dnstls_data.ctx)
+                return -ENOMEM;
+
+        SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+        SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
+        return 0;
 }
 
 void dnstls_manager_free(Manager *manager) {
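Review bot: The return value of `SSL_CTX_set_min_proto_version()` is still ignored, so if setting the TLS 1.2 floor fails, `dnstls_manager_init()` returns 0 and the context keeps the library's default minimum version. Since this commit is about missing error checks, the call could become `if (SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION) != 1) return -EINVAL;` (the errno value is only a suggestion). The context stays allocated on that path, so this assumes the caller's cleanup reaches `dnstls_manager_free()`, whose body is outside the hunk. `int r;` also appears unused in the new body and could be dropped.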
index b01de2d..2212821 100644 (file)
@@ -31,5 +31,5 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count);
 
 void dnstls_server_free(DnsServer *server);
 
-void dnstls_manager_init(Manager *manager);
+int dnstls_manager_init(Manager *manager);
 void dnstls_manager_free(Manager *manager);
index 433d50c..02153b9 100644 (file)
@@ -598,7 +598,9 @@ int manager_new(Manager **ret) {
                 log_warning_errno(r, "Failed to parse configuration file: %m");
 
 #if ENABLE_DNS_OVER_TLS
-        dnstls_manager_init(m);
+        r = dnstls_manager_init(m);
+        if (r < 0)
+                return r;
 #endif
 
         r = sd_event_default(&m->event);
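Review bot: The new `return r;` fails `manager_new()` without any log line, while the configuration-parse failure just above reports itself through `log_warning_errno()`. A message at the call site, `return log_error_errno(r, "Failed to initialize DNS-over-TLS: %m");`, would tell an operator why the resolver did not start. The early return also appears to make a TLS-library initialization failure fatal for the whole manager regardless of whether DNS-over-TLS is enabled in the configuration; if that is intended, a short comment should say so. `manager_new()` begins and ends outside the hunk, so whether `m` is released on this path cannot be checked from here.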