1 files changed, 14 insertions, 11 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 80242861c7..0b0a8120a4 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.7 2015/02/22 14:50:41 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.8 2015/02/22 14:59:37 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -68,22 +68,25 @@ tls_config_new(void)
        /*
         * Default configuration.
         */
-        if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
+        if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0)
-                tls_config_free(config);
+                goto err;
-                return (NULL);
+        if (tls_config_set_dheparams(config, "none") != 0)
-        }
+                goto err;
-        tls_config_set_dheparams(config, "none");
+        if (tls_config_set_ecdhecurve(config, "auto") != 0)
-        tls_config_set_ecdhecurve(config, "auto");
+                goto err;
-        if (tls_config_set_ciphers(config, "secure") != 0) {
+        if (tls_config_set_ciphers(config, "secure") != 0)
-                tls_config_free(config);
+                goto err;
-                return (NULL);
-        }
        tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
        tls_config_set_verify_depth(config, 6);
        
        tls_config_verify(config);
        return (config);
+err:
+        tls_config_free(config);
+        return (NULL);
 }
 void

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 80242861c7..0b0a8120a4 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.7 2015/02/22 14:50:41 jsing Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.8 2015/02/22 14:59:37 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -68,22 +68,25 @@ tls_config_new(void)
68	/*	68	/*
69	* Default configuration.	69	* Default configuration.
70	*/	70	*/
71	if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {	71	if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0)
72	tls_config_free(config);	72	goto err;
73	return (NULL);	73	if (tls_config_set_dheparams(config, "none") != 0)
74	}	74	goto err;
75	tls_config_set_dheparams(config, "none");	75	if (tls_config_set_ecdhecurve(config, "auto") != 0)
76	tls_config_set_ecdhecurve(config, "auto");	76	goto err;
77	if (tls_config_set_ciphers(config, "secure") != 0) {	77	if (tls_config_set_ciphers(config, "secure") != 0)
78	tls_config_free(config);	78	goto err;
79	return (NULL);	79
80	}
81	tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);	80	tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
82	tls_config_set_verify_depth(config, 6);	81	tls_config_set_verify_depth(config, 6);
83		82
84	tls_config_verify(config);	83	tls_config_verify(config);
85		84
86	return (config);	85	return (config);
		86
		87	err:
		88	tls_config_free(config);
		89	return (NULL);
87	}	90	}
88		91
89	void	92	void