[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Fri Dec 8 15:08:43 UTC 2017
The branch master has been updated
via 0488c0bbbe87eee3a800797b91350c653e9f1711 (commit)
via 0a90a6831e02e00d9043ada635421cfd3da5ffe2 (commit)
from a14715888bc4b5bd2b1da3f8ac7d4cabef8c9cb8 (commit)
- Log -----------------------------------------------------------------
commit 0488c0bbbe87eee3a800797b91350c653e9f1711
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Nov 25 12:08:47 2017 +0100
In apps_startup(), call OPENSSL_init_ssl() rather than OPENSSL_init_crypto()
Otherwise, any command that relies on ssl modules may fail, because
SSL_add_ssl_module() will be called after the config file has already
been loaded.
Fixes #4788
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4792)
commit 0a90a6831e02e00d9043ada635421cfd3da5ffe2
Author: Richard Levitte <levitte at openssl.org>
Date: Sat Nov 25 12:02:58 2017 +0100
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
IF OPENSSL_init_ssl() is called with the option flag
OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
(i.e. there will be an attempt to load libssl_conf.so or whatever
corresponds to that on non-Unix platforms). Therefore, at least
SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
called. The base ssl init does that, plus adds all kinds of ciphers
and digests, which is harmless.
Fixes #4788
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4792)
-----------------------------------------------------------------------
Summary of changes:
apps/openssl.c | 4 ++--
ssl/ssl_init.c | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/openssl.c b/apps/openssl.c
index 1c86827..2cb49cb 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -80,8 +80,8 @@ static int apps_startup()
#endif
/* Set non-default library initialisation settings */
- if (!OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN
- | OPENSSL_INIT_LOAD_CONFIG, NULL))
+ if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+ | OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
setup_ui_method();
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c
index 8eb6ef1..34e6773 100644
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -195,11 +195,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
return 0;
}
- if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+ if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
return 0;
- if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+ if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
return 0;
if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
More information about the openssl-commits
mailing list