Message ID | 20200421101122.24284-1-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | [Openvpn-devel] Fix tls_ctx_client/server_new leaving error on OpenSSL error stack | expand |
Acked-by: Gert Doering <gert@greenie.muc.de> "Explanation and Code make sense, Debian testing confirmed it fixes the problem observed" (which was a user error in the end, but led to an unexpected error in openvpn). Basic client test run with openssl 1.1.1 on Linux/Gentoo. Your patch has been applied to the master and release/2.4 branch. commit 75aa88af774abaa168bf72e43e1dbb57be14c044 (master) commit 125654bfa6f99a251b581522182e85748dd8043a (release/2.4) Author: Arne Schwabe Date: Tue Apr 21 12:11:22 2020 +0200 Fix tls_ctx_client/server_new leaving error on OpenSSL error stack Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20200421101122.24284-1-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19802.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 5955c6bd..555cbbdf 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) { crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method"); } + if (ERR_peek_error() != 0) + { + crypto_msg(M_WARN, "Warning: TLS server context initialisation " + "has warnings."); + } } void @@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx) { crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method"); } + if (ERR_peek_error() != 0) + { + crypto_msg(M_WARN, "Warning: TLS client context initialisation " + "has warnings."); + } } void