ZyklonB: better errors on TLS/SSL failure

This commit is contained in:
Přemysl Eric Janouch 2014-08-19 20:28:54 +02:00
parent 0484f7e995
commit 19ff2715b5

View File

@ -270,6 +270,7 @@ irc_send (struct bot_context *ctx, const char *format, ...)
static bool static bool
irc_initialize_ssl (struct bot_context *ctx, struct error **e) irc_initialize_ssl (struct bot_context *ctx, struct error **e)
{ {
const char *error_info = NULL;
ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ()); ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
if (!ctx->ssl_ctx) if (!ctx->ssl_ctx)
goto error_ssl_1; goto error_ssl_1;
@ -300,8 +301,16 @@ irc_initialize_ssl (struct bot_context *ctx, struct error **e)
goto error_ssl_3; goto error_ssl_3;
// Avoid SSL_write() returning SSL_ERROR_WANT_READ // Avoid SSL_write() returning SSL_ERROR_WANT_READ
SSL_set_mode (ctx->ssl, SSL_MODE_AUTO_RETRY); SSL_set_mode (ctx->ssl, SSL_MODE_AUTO_RETRY);
if (SSL_connect (ctx->ssl) > 0)
switch (xssl_get_error (ctx->ssl, SSL_connect (ctx->ssl), &error_info))
{
case SSL_ERROR_NONE:
return true; return true;
case SSL_ERROR_ZERO_RETURN:
error_info = "server closed the connection";
default:
break;
}
error_ssl_3: error_ssl_3:
SSL_free (ctx->ssl); SSL_free (ctx->ssl);
@ -312,8 +321,9 @@ error_ssl_2:
error_ssl_1: error_ssl_1:
// XXX: these error strings are really nasty; also there could be // XXX: these error strings are really nasty; also there could be
// multiple errors on the OpenSSL stack. // multiple errors on the OpenSSL stack.
error_set (e, "%s: %s", "could not initialize SSL", if (!error_info)
ERR_error_string (ERR_get_error (), NULL)); error_info = ERR_error_string (ERR_get_error (), NULL);
error_set (e, "%s: %s", "could not initialize SSL", error_info);
return false; return false;
} }