mirror of
https://github.com/openssl/openssl.git
synced 2026-05-07 20:12:39 +00:00
Gellért Peresztegi-Nagy
f60c9d1448
ssl_do_config() could leave stale errors on the error stack even on success, so that later error checking operations could mistakenly surface these errors. Use ERR_set_mark()/ERR_pop_to_mark() to cleanly discard errors when the function succeeds or when system config errors are non-fatal. Fixes #30760 Co-authored-by: Brandon Allard <brandon@redpanda.com> Reviewed-by: Matt Caswell <matt@openssl.foundation> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> MergeDate: Thu Apr 16 11:24:56 2026 (Merged from https://github.com/openssl/openssl/pull/30765)
91 lines
1.9 KiB
C
91 lines
1.9 KiB
C
/*
|
|
* Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
#include <openssl/opensslconf.h>
|
|
|
|
#include <string.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/tls1.h>
|
|
#include "testutil.h"
|
|
|
|
static int expect_failure = 0;
|
|
|
|
static int test_func(void)
|
|
{
|
|
int ret = 0;
|
|
SSL_CTX *ctx;
|
|
|
|
ctx = SSL_CTX_new(TLS_method());
|
|
if (expect_failure) {
|
|
if (!TEST_ptr_null(ctx))
|
|
goto err;
|
|
} else {
|
|
if (!TEST_ptr(ctx))
|
|
return 0;
|
|
if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION)
|
|
&& !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {
|
|
TEST_info("min/max version setting incorrect");
|
|
goto err;
|
|
}
|
|
if (!TEST_long_eq(ERR_peek_error(), 0))
|
|
goto err;
|
|
}
|
|
ret = 1;
|
|
err:
|
|
SSL_CTX_free(ctx);
|
|
return ret;
|
|
}
|
|
|
|
int global_init(void)
|
|
{
|
|
if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
|
return 0;
|
|
return 1;
|
|
}
|
|
|
|
typedef enum OPTION_choice {
|
|
OPT_ERR = -1,
|
|
OPT_EOF = 0,
|
|
OPT_FAIL,
|
|
OPT_TEST_ENUM
|
|
} OPTION_CHOICE;
|
|
|
|
const OPTIONS *test_get_options(void)
|
|
{
|
|
static const OPTIONS test_options[] = {
|
|
OPT_TEST_OPTIONS_DEFAULT_USAGE,
|
|
{ "f", OPT_FAIL, '-', "A failure is expected" },
|
|
{ NULL }
|
|
};
|
|
return test_options;
|
|
}
|
|
|
|
int setup_tests(void)
|
|
{
|
|
OPTION_CHOICE o;
|
|
|
|
while ((o = opt_next()) != OPT_EOF) {
|
|
switch (o) {
|
|
case OPT_FAIL:
|
|
expect_failure = 1;
|
|
break;
|
|
case OPT_TEST_CASES:
|
|
break;
|
|
default:
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
ADD_TEST(test_func);
|
|
return 1;
|
|
}
|