From: Nick Mathewson Date: Wed, 23 Apr 2025 12:46:17 +0000 (-0400) Subject: Correctly detect error from SSL_CTX_set1_groups_list. X-Git-Tag: tor-0.4.8.17~11^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7927946fdd73aecb86fb7c76ee4adb7a80e71e1;p=thirdparty%2Ftor.git Correctly detect error from SSL_CTX_set1_groups_list. Previously our code was checking for '< 0', but the error return value for this function _is_ zero. --- diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index 9bd0b72b96..3d20453c07 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -673,7 +673,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, const char *list; list = "P-256:P-224"; int r = (int) SSL_CTX_set1_groups_list(result->ctx, list); - if (r < 0) + if (r == 0) goto error; } #else /* !(defined(SSL_CTX_set1_groups_list) || defined(HAVE_SSL_CTX_SE...)) */
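Review bot: the corrected `if (r == 0)` check in `tor_tls_context_new` jumps straight to `error` without recording that the group list was rejected, so a failure here will be hard to tell apart from the other `goto error` paths in this function. Because the old `r < 0` test could not match the zero error return described in the commit message, this branch is effectively reachable for the first time; a warning that names `list` ("P-256:P-224") before the `goto error` would make such failures diagnosable. It is also worth confirming that failing context creation, rather than continuing with the library's default groups, is the intended behaviour when the list is rejected. A short comment beside the check stating that this function's error return is zero would help keep the comparison from being "fixed" back to `< 0` later.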