From 5162d876fdddfc244c7c60ba18f49351ef05d344 Mon Sep 17 00:00:00 2001
From: Patrick Gansterer <paroga@paroga.com>
Date: Sun, 14 Aug 2016 12:51:15 +0200
Subject: [PATCH] Add error handling for SSL_new() of clients

Do not access wsi->ssl if SSL_new() failed and log the error.
---
 lib/client.c     | 6 ++++--
 lib/ssl-client.c | 6 ++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/client.c b/lib/client.c
index 0f5ed96d..4171cbcc 100755
--- a/lib/client.c
+++ b/lib/client.c
@@ -155,8 +155,10 @@ lws_client_socket_service(struct lws_context *context, struct lws *wsi,
 #ifdef LWS_OPENSSL_SUPPORT
 		/* we can retry this... just cook the SSL BIO the first time */
 
-		if (wsi->use_ssl && !wsi->ssl)
-			lws_ssl_client_bio_create(wsi);
+		if (wsi->use_ssl && !wsi->ssl) {
+			if (lws_ssl_client_bio_create(wsi))
+				return -1;
+		}
 
 		if (wsi->use_ssl) {
 			n = lws_ssl_client_connect1(wsi);
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index be1ee3d5..2820db9d 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -45,6 +45,12 @@ lws_ssl_client_bio_create(struct lws *wsi)
 	(void)param;
 
 	wsi->ssl = SSL_new(wsi->vhost->ssl_client_ctx);
+	if (!wsi->ssl) {
+		lwsl_err("SSL_new failed: %s\n",
+		         ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
+		lws_decode_ssl_error();
+		return -1;
+	}
 
 #if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host
 	if (!(wsi->use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) {