Commit e05f5cd8 authored by David Woodhouse

Fix error exits in GnuTLS load_certificate() function

Having separate 'err' for GnuTLS errno, and 'ret' for the return value, has
caused me to sometimes return without setting 'ret'. Make it uninitialised
to start with, and then the compiler should warn if I 'goto out' again
without setting 'ret'.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent 09bc6171
......@@ -621,7 +621,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
unsigned int nr_supporting_certs = 0, nr_extra_certs = 0;
unsigned int certs_to_free = 0; /* How many of supporting_certs */
int err; /* GnuTLS error */
int ret = 0; /* our error (zero or -errno) */
int ret;
int i;
int cert_is_p11 = 0, key_is_p11 = 0;
unsigned char key_id[20];
......@@ -925,6 +925,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to get key ID: %s\n"),
gnutls_strerror(err));
ret = -EINVAL;
goto out;
}
for (i = 0; i < (extra_certs?nr_extra_certs:1); i++) {
......@@ -969,6 +970,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Error signing test data with private key: %s\n"),
gnutls_strerror(err));
ret = -EINVAL;
goto out;
}
......@@ -1025,6 +1027,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Setting certificate recovation list failed: %s\n"),
gnutls_strerror(err));
ret = -EINVAL;
goto out;
}
}
......@@ -1162,7 +1165,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
_("Setting certificate failed: %s\n"),
gnutls_strerror(err));
ret = -EIO;
}
} else
ret = 0;
out:
if (crl)
gnutls_x509_crl_deinit(crl);
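Review bot: Leaving `ret` uninitialised at the declaration (`int ret;`, first hunk) trades a fail-open default for an indeterminate one: any `goto out` path that still misses an assignment returns an indeterminate value, and GCC's maybe-uninitialized diagnostic is heuristic and depends on the optimisation level, so a missed path is not guaranteed to warn. For a function that, judging by its messages, loads the certificate and private key, a fail-closed default is safer, e.g. `int ret = -EIO; /* our error (zero or -errno); fail closed until success */`, with `ret = 0` set only on the success branch as the last hunk already does. If the warning-driven approach is kept, it is worth confirming that the build turns that warning into an error, since nothing in the visible hunks shows it. The unbraced `} else ret = 0;` directly before the `out:` label would also be less fragile with braces. The body of load_certificate() starts and ends outside these hunks, so the remaining exits could not be checked here.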