aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/ssl_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/ssl_lib.c')
-rw-r--r--ssl/ssl_lib.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c0931e787728..f2071db93702 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
s->options = ctx->options;
s->mode = ctx->mode;
s->max_cert_list = ctx->max_cert_list;
+ s->references = 1;
if (ctx->cert != NULL) {
/*
@@ -405,7 +406,6 @@ SSL *SSL_new(SSL_CTX *ctx)
if (!s->method->ssl_new(s))
goto err;
- s->references = 1;
s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
SSL_clear(s);
@@ -1980,7 +1980,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->extra_certs = NULL;
/* No compression for DTLS */
- if (meth->version != DTLS1_VERSION)
+ if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
ret->comp_methods = SSL_COMP_get_compression_methods();
ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
@@ -3507,8 +3507,11 @@ EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
{
ssl_clear_hash_ctx(hash);
*hash = EVP_MD_CTX_create();
- if (md)
- EVP_DigestInit_ex(*hash, md, NULL);
+ if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+ EVP_MD_CTX_destroy(*hash);
+ *hash = NULL;
+ return NULL;
+ }
return *hash;
}