int retval;
/* Check for all the needful configuration. */
+ retval = 0;
if (!has_private_key) {
VLOG_ERR("Private key must be configured to use SSL");
- goto error;
+ retval = ENOPROTOOPT;
}
if (!has_certificate) {
VLOG_ERR("Certificate must be configured to use SSL");
- goto error;
+ retval = ENOPROTOOPT;
}
if (!has_ca_cert && !bootstrap_ca_cert) {
VLOG_ERR("CA certificate must be configured to use SSL");
- goto error;
+ retval = ENOPROTOOPT;
}
if (!SSL_CTX_check_private_key(ctx)) {
VLOG_ERR("Private key does not match certificate public key: %s",
ERR_error_string(ERR_get_error(), NULL));
+ retval = ENOPROTOOPT;
+ }
+ if (retval) {
goto error;
}
retval = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof on);
if (retval) {
VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name, strerror(errno));
- close(fd);
- return errno;
+ retval = errno;
+ goto error;
}
/* Create and configure OpenSSL stream. */
ssl = SSL_new(ctx);
if (ssl == NULL) {
VLOG_ERR("SSL_new: %s", ERR_error_string(ERR_get_error(), NULL));
- close(fd);
- return ENOPROTOOPT;
+ retval = ENOPROTOOPT;
+ goto error;
}
if (SSL_set_fd(ssl, fd) == 0) {
VLOG_ERR("SSL_set_fd: %s", ERR_error_string(ERR_get_error(), NULL));
+ retval = ENOPROTOOPT;
goto error;
}
if (bootstrap_ca_cert && type == CLIENT) {
SSL_free(ssl);
}
close(fd);
- return ENOPROTOOPT;
+ return retval;
}
static struct ssl_vconn *
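Review bot: In the setsockopt(TCP_NODELAY) failure branch, `retval = errno;` is assigned only after VLOG_ERR has run, so if the logging path touches errno the function can return a stale code, or 0, which would report success to the caller although the error path has already closed fd. Save the value first and log from the copy: `retval = errno;` followed by `VLOG_ERR("%s: setsockopt(TCP_NODELAY): %s", name, strerror(retval));`. Separately, the configuration checks now fall through to SSL_CTX_check_private_key(ctx) even when the key or certificate is missing, so a misconfigured endpoint probably logs a second, misleading "does not match" error; `if (has_private_key && has_certificate && !SSL_CTX_check_private_key(ctx))` would keep the log accurate while still reporting every missing item. The enclosing function begins before the visible lines and no hunk headers are shown, so whether VLOG_ERR preserves errno cannot be confirmed from here.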