Add error handling for SSL_new() of clients

Do not access wsi->ssl if SSL_new() failed and log the error.

diff --git a/lib/client.c b/lib/client.c
index adb275954b9f2ff4c06d789a02db326abfa4a93d..0c94746f7fd0390c62b05d29887f45662b1b54e1 100755 (executable)
--- a/lib/client.c
+++ b/lib/client.c
@@ -148,8 +148,10 @@ lws_client_socket_service(struct lws_context *context, struct lws *wsi,
 #ifdef LWS_OPENSSL_SUPPORT
                /* we can retry this... just cook the SSL BIO the first time */
 
-               if (wsi->use_ssl && !wsi->ssl)
-                       lws_ssl_client_bio_create(wsi);
+               if (wsi->use_ssl && !wsi->ssl) {
+                       if (lws_ssl_client_bio_create(wsi))
+                               return -1;
+               }
 
                if (wsi->use_ssl) {
                        n = lws_ssl_client_connect1(wsi);

diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 62fc265c372513c16430a77291e59c3fc316cfe2..904c77acf957ed4bb20fd323cb6bd1744f3c0c3e 100644 (file)
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -45,6 +45,12 @@ lws_ssl_client_bio_create(struct lws *wsi)
        (void)param;
 
        wsi->ssl = SSL_new(wsi->vhost->ssl_client_ctx);
+       if (!wsi->ssl) {
+               lwsl_err("SSL_new failed: %s\n",
+                        ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
+               lws_decode_ssl_error();
+               return -1;
+       }
 
 #if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host
        param = SSL_get0_param(wsi->ssl);