Merge r1916054 from trunk:

mod_ssl: Check SSL_CTX_new() return value

SSL_CTX_new() will return NULL if there was an error creating a new SSL context.

Submitted by: StephenWall
Github: closes #402
Reviewed by: jailletc36, rjung, jorton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923248 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 6f572d2976b29d2699ce341ec2c9f29d2acfb33d..58afac0ecf47505aee518810c362a4f4fd267012 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@ Changes with Apache 2.4.63
   *) mod_cache_socache: Fix possible crash on error path. PR 69358.
      [Ruediger Pluem]
 
+  *) mod_ssl: Fail cleanly at startup if OpenSSL initialization fails.
+     [StephenWall]
+
   *) mod_md: update to version 2.4.31
      - Improved error reporting when waiting for ACME server to verify domains
        or finalizing the order fails, e.g. times out.

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 598e89fc0fb32ca8b27f5affa9a4547deca80154..7d0fabe4eff77f4eef3fa4fa499d881fd28cb451 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -692,6 +692,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
         TLS_server_method();  /* server */
 #endif
     ctx = SSL_CTX_new(method);
+    if (ctx == NULL) {
+        /* Can fail for some system/install mis-configuration. */
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+        return ssl_die(s);
+    }
 
     mctx->ssl_ctx = ctx;