tls: check result of SSL_CTX_set_*_proto_version

These functions generally should not fail, but we also shouldn't ignore potential failures entirely since security properties of the application might depend on successful configuration. This also is consistent with the existing CHECKs in SetMinProto() and SetMaxProto(). PR-URL: #53459 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
nodejs · Jul 19, 2024 · 3ed964c · 3ed964c
1 parent b5b8bb8
commit 3ed964c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
@@ -540,8 +540,8 @@ void SecureContext::Init(const FunctionCallbackInfo<Value>& args) {
                                  SSL_SESS_CACHE_NO_INTERNAL |
                                  SSL_SESS_CACHE_NO_AUTO_CLEAR);
 
-  SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version);
-  SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version);
+  CHECK(SSL_CTX_set_min_proto_version(sc->ctx_.get(), min_version));
+  CHECK(SSL_CTX_set_max_proto_version(sc->ctx_.get(), max_version));
 
   // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was
   // exposed in the public API. To retain compatibility, install a callback