@Fahnenfluchtige
Contributor

The Svace static analysis tool identified a potential issue in the function ngx_stream_lua_socket_tcp_sslhandshake. The call to SSL_set_tlsext_status_type() was made without checking its return value.

This can lead to a situation where OCSP stapling fails silently, possibly resulting in an incomplete TLS configuration.

The fix adds an explicit check for the return value of SSL_set_tlsext_status_type(). If the function returns an error, a Lua error is raised.
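As an added illustration of what this change means for callers (example code, not from the PR or the openresty project): a stream-lua handler that opens a TLS cosocket and passes `true` as the fifth `sslhandshake` argument (`send_status_req`) to ask for a stapled OCSP response. With this patch a failed `SSL_set_tlsext_status_type()` is surfaced as a raised Lua error rather than a silently unstapled connection, so the call is wrapped in `pcall`. The host `upstream.example` is a placeholder, and the example assumes the module was built with `NGX_STREAM_LUA_USE_OCSP` and that `lua_ssl_trusted_certificate` is configured so that `ssl_verify = true` can succeed.

```lua
-- Added example, not part of the PR: requesting OCSP stapling from a
-- stream-lua cosocket and handling the error this patch introduces.
local sock = ngx.socket.tcp()
sock:settimeout(3000)

-- "upstream.example" is a placeholder host, not a real endpoint.
local ok, err = sock:connect("upstream.example", 443)
if not ok then
    ngx.log(ngx.ERR, "connect failed: ", err)
    return ngx.exit(ngx.ERROR)
end

-- Arguments: reused_session, server_name, ssl_verify, send_status_req.
-- send_status_req = true enables the OCSP status request; after this
-- patch, failure to enable it raises instead of continuing unstapled.
local pcall_ok, session, handshake_err = pcall(sock.sslhandshake, sock,
                                               nil, "upstream.example",
                                               true, true)

if not pcall_ok then
    -- on a raised error, pcall returns the message in the second slot
    ngx.log(ngx.ERR, "OCSP stapling could not be enabled: ", session)
    sock:close()
    return ngx.exit(ngx.ERROR)
end

if not session then
    -- ordinary handshake failure is still returned, not raised
    ngx.log(ngx.ERR, "TLS handshake failed: ", handshake_err)
    sock:close()
    return ngx.exit(ngx.ERROR)
end

ngx.say("handshake completed with OCSP status requested")
sock:close()
```

The point of the `pcall` is that the two failure modes now differ: a handshake that cannot complete is reported through the usual `nil, err` return, while an inability to even request stapling is a hard error, and a handler that wants to fail closed on missing revocation data has to handle both paths.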

index 2cddfd9..396e308 100644
--- a/src/ngx_stream_lua_socket_tcp.c
+++ b/src/ngx_stream_lua_socket_tcp.c
@@ -1792,8 +1792,10 @@ ngx_stream_lua_socket_tcp_sslhandshake(lua_State *L)
                 if (n >= 5) {
                     if (lua_toboolean(L, 5)) {
 #ifdef NGX_STREAM_LUA_USE_OCSP
-                        SSL_set_tlsext_status_type(c->ssl->connection,
-                                                   TLSEXT_STATUSTYPE_ocsp);
+                        if (SSL_set_tlsext_status_type(c->ssl->connection,
+                                TLSEXT_STATUSTYPE_ocsp) != 1) {
+                            return luaL_error(L, "failed to enable OCSP stapling");
+                        }
 #else
                         return luaL_error(L, "no OCSP support");
 #endif
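Review bot: the `!= 1` test matches OpenSSL's 1-on-success contract for SSL_set_tlsext_status_type(), but the new error path at `return luaL_error(L, "failed to enable OCSP stapling");` discards the reason: nothing drains or logs the OpenSSL error queue before raising, so an operator sees only the generic message. Consider logging the queued error (for example via `ERR_get_error()` or nginx's `ngx_ssl_error()`) before the `luaL_error` call, as the surrounding code does for other SSL failures. A smaller style point: the continuation line `TLSEXT_STATUSTYPE_ocsp) != 1) {` is no longer aligned under the first argument the way the removed two-line call was; the file otherwise aligns wrapped arguments under the opening parenthesis.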

@Fahnenfluchtige Fahnenfluchtige changed the title from "Adding error checking" to "fixes: add error check for SSL_set_tlsext_status_type" on May 15, 2025
@zhuizhuhaomeng zhuizhuhaomeng merged commit ee2422f into openresty:master Jun 21, 2025
2 of 3 checks passed