[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Wed Feb 10 17:43:20 UTC 2016
The branch master has been updated
via 9cc55ddda5bbfde2e98fb94f312b960ab11a8c60 (commit)
via 068f07fe759856435b880c9c1a3bdcff62142c84 (commit)
via 302f75887e52bbe0ab7a5806335a0a1264323b07 (commit)
via 0fc32b0718ec210e03b6d8623d4819ed04615a1b (commit)
from 8bd8221be80708825ddb9771d4c9fff67860119b (commit)
- Log -----------------------------------------------------------------
commit 9cc55ddda5bbfde2e98fb94f312b960ab11a8c60
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 16:17:01 2016 +0000
Add some documentation about init after deinit
Attempting to init after deinit is an error. Update the documentation
accordingly.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 068f07fe759856435b880c9c1a3bdcff62142c84
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 16:02:49 2016 +0000
Update CHANGES following init function renaming
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 302f75887e52bbe0ab7a5806335a0a1264323b07
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 15:16:06 2016 +0000
Attempt to log an error if init failed
If init failed we'd like to set an error code to indicate that. But if
init failed then when the error system tries to load its strings its going
to fail again. We could get into an infinite loop. Therefore we just set
a single error the first time around. After that no error is set.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 0fc32b0718ec210e03b6d8623d4819ed04615a1b
Author: Matt Caswell <matt at openssl.org>
Date: Wed Feb 10 13:59:15 2016 +0000
The new init functions can now fail so shouldn't be void
The new init functions can fail if the library has already been stopped. We
should be able to indicate failure with a 0 return value.
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 5 ++---
apps/errstr.c | 5 +++++
apps/openssl.c | 5 +++--
crypto/async/async.c | 8 +++++---
crypto/comp/c_zlib.c | 6 +++++-
crypto/cpt_err.c | 5 ++++-
crypto/err/err.c | 4 +++-
crypto/evp/names.c | 9 +++++++--
crypto/init.c | 23 +++++++++++++++++++----
doc/crypto/OPENSSL_init_crypto.pod | 23 +++++++++++++++--------
doc/ssl/OPENSSL_init_ssl.pod | 6 +++++-
include/openssl/crypto.h | 3 ++-
include/openssl/err.h | 1 +
include/openssl/ssl.h | 3 ++-
ssl/ssl_err.c | 4 +++-
ssl/ssl_init.c | 25 ++++++++++++++++++++-----
ssl/ssl_lib.c | 3 ++-
17 files changed, 103 insertions(+), 35 deletions(-)
diff --git a/CHANGES b/CHANGES
index 0bbc257..eb6ee3f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -24,9 +24,8 @@
*) Added support for auto-initialisation and de-initialisation of the library.
OpenSSL no longer requires explicit init or deinit routines to be called,
- except in certain circumstances. See the
- OPENSSL_INIT_crypto_library_start() and OPENSSL_INIT_ssl_library_start()
- man pages for further information.
+ except in certain circumstances. See the OPENSSL_init_crypto() and
+ OPENSSL_init_ssl() man pages for further information.
[Matt Caswell]
*) The arguments to the DTLSv1_listen function have changed. Specifically the
diff --git a/apps/errstr.c b/apps/errstr.c
index 960815d..99bb9e9 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -114,6 +114,11 @@ int errstr_main(int argc, char **argv)
if (!opt_ulong(*argv, &l))
ret++;
else {
+ /* We're not really an SSL application so this won't auto-init, but
+ * we're still interested in SSL error strings
+ */
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
ERR_error_string_n(l, buf, sizeof buf);
BIO_printf(bio_out, "%s\n", buf);
}
diff --git a/apps/openssl.c b/apps/openssl.c
index 4a6185b..e9c24d0 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -172,8 +172,9 @@ static int apps_startup()
#endif
/* Set non-default library initialisation settings */
- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+ | OPENSSL_INIT_LOAD_CONFIG, NULL))
+ return 0;
setup_ui_method();
diff --git a/crypto/async/async.c b/crypto/async/async.c
index db51144..ebc5ebb 100644
--- a/crypto/async/async.c
+++ b/crypto/async/async.c
@@ -97,7 +97,8 @@ err:
static async_ctx *async_get_ctx(void)
{
- OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL);
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+ return NULL;
return async_arch_get_ctx();
}
@@ -361,9 +362,10 @@ int ASYNC_init_thread(size_t max_size, size_t init_size)
return 0;
}
- OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL);
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) {
+ return 0;
+ }
if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) {
- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
return 0;
}
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 619765c..baad9c6 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -289,9 +289,13 @@ COMP_METHOD *COMP_zlib(void)
&& p_inflateInit_ && p_deflateEnd
&& p_deflate && p_deflateInit_ && p_zError)
zlib_loaded++;
+
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
+ COMP_zlib_cleanup();
+ return meth;
+ }
if (zlib_loaded)
meth = &zlib_stateful_method;
- OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL);
}
}
#endif
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 46bd9c8..d1e4b33 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -84,6 +84,9 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = {
{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
+ {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START),
+ "OPENSSL_INIT_crypto_library_start"},
+ {ERR_FUNC(CRYPTO_F_OPENSSL_MEMDUP), "OPENSSL_MEMDUP"},
{0, NULL}
};
diff --git a/crypto/err/err.c b/crypto/err/err.c
index d92e41e..5e1d5c5 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -223,6 +223,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
{ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
{ERR_R_INTERNAL_ERROR, "internal error"},
{ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+ {ERR_R_INIT_FAIL, "init fail"},
{0, NULL},
};
@@ -894,8 +895,9 @@ ERR_STATE *ERR_get_state(void)
* the first one that we just replaced.
*/
ERR_STATE_free(tmpp);
+
+ /* Ignore failures from these */
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
- /* Ignore failures from this */
ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE);
}
return ret;
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
index f6e5004..2a5606b 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -110,7 +110,8 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
{
const EVP_CIPHER *cp;
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
+ return NULL;
cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
return (cp);
@@ -120,7 +121,8 @@ const EVP_MD *EVP_get_digestbyname(const char *name)
{
const EVP_MD *cp;
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+ if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
+ return NULL;
cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
return (cp);
@@ -166,6 +168,7 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
{
struct doall_cipher dc;
+ /* Ignore errors */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
dc.fn = fn;
@@ -179,6 +182,7 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph,
{
struct doall_cipher dc;
+ /* Ignore errors */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
dc.fn = fn;
@@ -207,6 +211,7 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md,
{
struct doall_md dc;
+ /* Ignore errors */
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
dc.fn = fn;
diff --git a/crypto/init.c b/crypto/init.c
index 3238b80..cb9d65a 100644
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -626,10 +626,23 @@ static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
* called prior to any threads making calls to any OpenSSL functions,
* i.e. passing a non-null settings value is assumed to be single-threaded.
*/
-void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
-{
- /* XXX TODO WARNING To be updated to return a value not assert. */
- assert(!stopped);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+{
+ static int stoperrset = 0;
+
+ if (stopped) {
+ if (!stoperrset) {
+ /*
+ * We only ever set this once to avoid getting into an infinite
+ * loop where the error system keeps trying to init and fails so
+ * sets an error etc
+ */
+ stoperrset = 1;
+ CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START,
+ ERR_R_INIT_FAIL);
+ }
+ return 0;
+ }
ossl_init_once_run(&base, ossl_init_base);
@@ -716,6 +729,8 @@ void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
if (opts & OPENSSL_INIT_ZLIB) {
ossl_init_once_run(&zlib, ossl_init_zlib);
}
+
+ return 1;
}
int OPENSSL_atexit(void (*handler)(void))
diff --git a/doc/crypto/OPENSSL_init_crypto.pod b/doc/crypto/OPENSSL_init_crypto.pod
index 11bc1c7..943f44c 100644
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -11,7 +11,7 @@ initialisation and deinitialisation functions
#include <openssl/crypto.h>
void OPENSSL_cleanup(void);
- void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
int OPENSSL_atexit(void (*handler)(void));
void OPENSSL_thread_stop(void);
@@ -146,14 +146,14 @@ engines. This not a default option.
=back
Multiple options may be combined together in a single call to
-OPENSSL_INIT_start_library(). For example:
+OPENSSL_init_crypto(). For example:
- OPENSSL_INIT_start_library(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
- | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
+ OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
-The B<settings> parameter to OPENSSL_INIT_start_library() may be used to
-provide optional settings values to an option. Currently the only option this
+The B<settings> parameter to OPENSSL_init_crypto() may be used to provide
+optional settings values to an option. Currently the only option this
applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional
OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load
configuration from. If no filename is provided then the system default
@@ -180,6 +180,13 @@ on auto-deinitialisation. This is to avoid error conditions where both an
application and a library it depends on both use OpenSSL, and the library
deinitialises it before the application has finished using it.
+Once OPENSSL_cleanup() has been called the library cannot be reinitialised.
+Attempts to call OPENSSL_init_crypto() will fail and an ERR_R_INIT_FAIL error
+will be added to the error stack. Note that because initialisation has failed
+OpenSSL error strings will not be available, only an error code. This code can
+be put through the openssl errstr command line application to produce a human
+readable error (see L<errstr(1)>).
+
The OPENSSL_atexit() function enables the registration of a
function to be called during OPENSSL_cleanup(). Stop handlers are
called after deinitialisation of resources local to a thread, but before other
@@ -206,8 +213,8 @@ using static linking should also call OPENSSL_thread_stop().
=head1 RETURN VALUES
-The function OPENSSL_atexit() returns 1 on success or 0 on
-error.
+The functions OPENSSL_init_crypto and OPENSSL_atexit() returns 1 on success or
+0 on error.
=head1 SEE ALSO
diff --git a/doc/ssl/OPENSSL_init_ssl.pod b/doc/ssl/OPENSSL_init_ssl.pod
index d9246a5..113e93f 100644
--- a/doc/ssl/OPENSSL_init_ssl.pod
+++ b/doc/ssl/OPENSSL_init_ssl.pod
@@ -8,7 +8,7 @@ OPENSSL_init_ssl - OpenSSL (libssl and libcrypto) initialisation
#include <openssl/ssl.h>
- void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
=head1 DESCRIPTION
@@ -63,6 +63,10 @@ these settings will also be passed internally to a call to
L<OPENSSL_init_crypto(3)>, so this parameter can also be used to
provide libcrypto settings values.
+=head1 RETURN VALUES
+
+The function OPENSSL_init_ssl() returns 1 on success or 0 on error.
+
=head1 SEE ALSO
L<OPENSSL_init_crypto(3)>
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 16b7fbd..d761a97 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -598,7 +598,7 @@ typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
/* Library initialisation functions */
void OPENSSL_cleanup(void);
-void OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
int OPENSSL_atexit(void (*handler)(void));
void OPENSSL_thread_stop(void);
@@ -627,6 +627,7 @@ void ERR_load_CRYPTO_strings(void);
# define CRYPTO_F_INT_DUP_EX_DATA 106
# define CRYPTO_F_INT_FREE_EX_DATA 107
# define CRYPTO_F_INT_NEW_EX_DATA 108
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START 116
# define CRYPTO_F_OPENSSL_MEMDUP 114
/* Reason codes. */
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 147d4da..bdf8308 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -309,6 +309,7 @@ typedef struct err_state_st {
# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
# define ERR_R_DISABLED (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL (6|ERR_R_FATAL)
/*
* 99 is the maximum possible ERR_R_... code, higher values are reserved for
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d65ee9f..87ea39c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1940,7 +1940,7 @@ __owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
#define OPENSSL_INIT_SSL_DEFAULT \
(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
-void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
# ifndef OPENSSL_NO_UNIT_TEST
__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
@@ -1986,6 +1986,7 @@ void ERR_load_SSL_strings(void);
# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385
# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370
# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386
+# define SSL_F_OPENSSL_INIT_SSL_LIBRARY_START 342
# define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SSL3_ADD_CERT_TO_BUF 296
# define SSL_F_SSL3_CALLBACK_CTRL 233
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 0d8bcd4..4dc8895 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -95,7 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
"DTLS1_SEND_HELLO_VERIFY_REQUEST"},
{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"},
- {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "dtlsv1_listen"},
+ {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"},
{ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC),
"dtls_construct_change_cipher_spec"},
{ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST),
@@ -103,6 +103,8 @@ static ERR_STRING_DATA SSL_str_functs[] = {
{ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE),
"dtls_get_reassembled_message"},
{ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"},
+ {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START),
+ "OPENSSL_INIT_ssl_library_start"},
{ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"},
{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"},
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 67e4319..e7fc63d 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -299,13 +299,26 @@ static void ssl_library_stop(void)
* called prior to any threads making calls to any OpenSSL functions,
* i.e. passing a non-null settings value is assumed to be single-threaded.
*/
-void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
{
- /* XXX TODO WARNING To be updated to return a value not assert. */
- assert(!stopped);
+ static int stoperrset = 0;
+
+ if (stopped) {
+ if (!stoperrset) {
+ /*
+ * We only ever set this once to avoid getting into an infinite
+ * loop where the error system keeps trying to init and fails so
+ * sets an error etc
+ */
+ stoperrset = 1;
+ SSLerr(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START, ERR_R_INIT_FAIL);
+ }
+ return 0;
+ }
- OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS, settings);
+ if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+ return 0;
ossl_init_once_run(&ssl_base, ossl_init_ssl_base);
@@ -314,5 +327,7 @@ void OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
if (opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
ossl_init_once_run(&ssl_strings, ossl_init_load_ssl_strings);
+
+ return 1;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e4b5d9f..d080220 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2270,7 +2270,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
return (NULL);
}
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+ return NULL;
if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE);
More information about the openssl-commits
mailing list