httpd/backport-Check-SSL_CTX_new-return-value.patch
2025-04-17 09:25:51 +00:00

From c8c469b3a907ea263a888217d6d5c48c287205ec Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 20 Jan 2025 10:27:52 +0000
Subject: [PATCH] Merge r1916054 from trunk:
mod_ssl: Check SSL_CTX_new() return value
SSL_CTX_new() will return NULL if there was an error creating a new SSL context.
Submitted by: StephenWall
Github: closes #402
Reviewed by: jailletc36, rjung, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923248 13f79535-47bb-0310-9956-ffa450edef68
Conflict:NA
Reference:https://github.com/apache/httpd/commit/c8c469b3a907ea263a888217d6d5c48c287205ec
---
modules/ssl/ssl_engine_init.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index beb5dac..b8150a9 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -704,6 +704,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
TLS_server_method(); /* server */
#endif
ctx = SSL_CTX_new(method);
+ if (ctx == NULL) {
+ /* Can fail for some system/install mis-configuration. */
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+ return ssl_die(s);
+ }
mctx->ssl_ctx = ctx;
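Review bot: the new NULL branch after ctx = SSL_CTX_new(method) logs only through ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s), which takes no message text, so nothing in the emergency log entry names SSL_CTX_new() as the failing call. Consider emitting an explicit error message (for example via ap_log_error()) before it that says the SSL context could not be created, so an operator can tell this startup failure apart from other ssl_die() paths. The comment "Can fail for some system/install mis-configuration" is also vague; naming at least one concrete cause would help whoever reads this branch later. Placing the check before the mctx->ssl_ctx = ctx assignment is right, since it keeps a NULL context from being stored.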
--
2.33.0