s_cb.c: Add missing return value checks

Return value of function 'SSL_CTX_ctrl', that is called from SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(), is not checked, but it is usually checked for this function. CLA: trivial Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23647) (cherry picked from commit 6f794b461c6e16c8afb996ee190e084cbbddb6b8)
author: MrRurikov <96385824+MrRurikov@users.noreply.github.com> 2024-02-21 11:11:34 +0300
committer: Tomas Mraz <tomas@openssl.org> 2024-02-22 12:45:59 +0100
commit: db511578f7822ed6aa47760adfdc08ef84a17698 (patch)
tree: 882cfb21615df71a1cdc2269ada2ccb07f59062a /apps
parent: 9dc2269829726a10806c4e9f951074b6529e2529 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c
index 743d88993f..7a719b9b0c 100644
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@@ -1383,7 +1383,8 @@ int ssl_load_stores(SSL_CTX *ctx,
         if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore))
             goto err;
         add_crls_store(vfy, crls);
-        SSL_CTX_set1_verify_cert_store(ctx, vfy);
+        if (SSL_CTX_set1_verify_cert_store(ctx, vfy) == 0)
+            goto err;
         if (crl_download)
             store_setup_crl_download(vfy);
     }
@@ -1397,7 +1398,8 @@ int ssl_load_stores(SSL_CTX *ctx,
             goto err;
         if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore))
             goto err;
-        SSL_CTX_set1_chain_cert_store(ctx, ch);
+        if (SSL_CTX_set1_chain_cert_store(ctx, ch) == 0)
+            goto err;
     }
     rv = 1;
  err:
author	MrRurikov <96385824+MrRurikov@users.noreply.github.com>	2024-02-21 11:11:34 +0300
committer	Tomas Mraz <tomas@openssl.org>	2024-02-22 12:45:59 +0100
commit	db511578f7822ed6aa47760adfdc08ef84a17698 (patch)
tree	882cfb21615df71a1cdc2269ada2ccb07f59062a /apps
parent	9dc2269829726a10806c4e9f951074b6529e2529 (diff)