From 6e6646bdd5b816d8c79cc2b439eb7c7ff0f47bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 17 Jun 2024 00:53:04 +0200 Subject: [PATCH] tls: check result of SSL_CTX_set_*_proto_version These functions generally should not fail, but we also shouldn't ignore potential failures entirely since security properties of the application might depend on successful configuration. This also is consistent with the existing CHECKs in SetMinProto() and SetMaxProto(). PR-URL: https://github.com/nodejs/node/pull/53459 Reviewed-By: Luigi Pinca Reviewed-By: Richard Lau --- src/crypto/crypto_context.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc index 1ee5ff3114b14e..e26e64834bee7f 100644 --- a/src/crypto/crypto_context.cc +++ b/src/crypto/crypto_context.cc @@ -540,8 +540,8 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_NO_AUTO_CLEAR); - SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version); - SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version); + CHECK(SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version)); + CHECK(SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version)); // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was // exposed in the public API. To retain compatibility, install a callback