apache2/apache2-fips-compatibility-01.patch

From e2d689b4b25008e9d3e701e86c052e877452e1cc Mon Sep 17 00:00:00 2001
From: StephenWall <35972871+StephenWall@users.noreply.github.com>
Date: Tue, 16 Jan 2024 08:26:12 -0500
Subject: [PATCH] Check SSL_CTX_new() return value

SSL_CTX_new() will return NULL if there was an error creating a new SSL context.
---
 modules/ssl/ssl_engine_init.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 30fd6c5e4b5..2107cf44d7c 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -738,6 +738,10 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
         TLS_server_method();  /* server */
 #endif
     ctx = SSL_CTX_new(method);
+    if(ctx == NULL) {
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
+        return ssl_die(s);
+    }
 
     mctx->ssl_ctx = ctx;
Sync from SUSE:SLFO:Main apache2 revision e3d6d70fb54538166908b35863ac2da4 2024-11-18 14:48:08 +01:00			`From e2d689b4b25008e9d3e701e86c052e877452e1cc Mon Sep 17 00:00:00 2001`
			`From: StephenWall <35972871+StephenWall@users.noreply.github.com>`
			`Date: Tue, 16 Jan 2024 08:26:12 -0500`
			`Subject: [PATCH] Check SSL_CTX_new() return value`

			`SSL_CTX_new() will return NULL if there was an error creating a new SSL context.`
			`---`
			`modules/ssl/ssl_engine_init.c \| 4 ++++`
			`1 file changed, 4 insertions(+)`

			`diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c`
			`index 30fd6c5e4b5..2107cf44d7c 100644`
			`--- a/modules/ssl/ssl_engine_init.c`
			`+++ b/modules/ssl/ssl_engine_init.c`
			`@@ -738,6 +738,10 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,`
			`TLS_server_method(); /* server */`
			`#endif`
			`ctx = SSL_CTX_new(method);`
			`+ if(ctx == NULL) {`
			`+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);`
			`+ return ssl_die(s);`
			`+ }`

			`mctx->ssl_ctx = ctx;`