SSL -> TLS; fix error handling

degesch.c

@@ -1067,7 +1067,7 @@ enum transport_io_result
 	TRANSPORT_IO_ERROR                  ///< Connection error
 };
 
-// The only real purpose of this is to abstract away TLS/SSL
+// The only real purpose of this is to abstract away TLS
 struct transport
 {
 	/// Initialize the transport
@@ -1530,11 +1530,11 @@ static struct config_schema g_config_server[] =
 	  .validate  = config_validate_nonjunk_string },
 
 	{ .name      = "ssl",
-	  .comment   = "Whether to use SSL/TLS",
+	  .comment   = "Whether to use TLS",
 	  .type      = CONFIG_ITEM_BOOLEAN,
 	  .default_  = "off" },
 	{ .name      = "ssl_cert",
-	  .comment   = "Client SSL certificate (PEM)",
+	  .comment   = "Client TLS certificate (PEM)",
 	  .type      = CONFIG_ITEM_STRING },
 	{ .name      = "ssl_verify",
 	  .comment   = "Whether to verify certificates",
@@ -3866,12 +3866,12 @@ static struct transport g_transport_plain =
 	.get_poll_events  = transport_plain_get_poll_events,
 };
 
-// --- SSL/TLS transport -------------------------------------------------------
+// --- TLS transport -----------------------------------------------------------
 
 struct transport_tls_data
 {
 	SSL_CTX *ssl_ctx;                   ///< SSL context
-	SSL *ssl;                           ///< SSL/TLS connection
+	SSL *ssl;                           ///< SSL connection
 	bool ssl_rx_want_tx;                ///< SSL_read() wants to write
 	bool ssl_tx_want_rx;                ///< SSL_write() wants to read
 };
@@ -3931,6 +3931,8 @@ transport_tls_init_ctx (struct server *s, SSL_CTX *ssl_ctx, struct error **e)
 	const char *ca_file = get_config_string (s->config, "ssl_ca_file");
 	const char *ca_path = get_config_string (s->config, "ssl_ca_path");
 
+	ERR_clear_error ();
+
 	struct error *error = NULL;
 	if (ca_file || ca_path)
 	{
@@ -3972,6 +3974,8 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
 	if (!ssl_cert)
 		return true;
 
+	ERR_clear_error ();
+
 	bool result = false;
 	char *path = resolve_filename (ssl_cert, resolve_relative_config_filename);
 	if (!path)
@@ -3990,18 +3994,19 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
 static bool
 transport_tls_init (struct server *s, struct error **e)
 {
-	const char *error_info = NULL;
+	ERR_clear_error ();
+
+	struct error *error = NULL;
 	SSL_CTX *ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
 	if (!ssl_ctx)
 		goto error_ssl_1;
-	if (!transport_tls_init_ctx (s, ssl_ctx, e))
+	if (!transport_tls_init_ctx (s, ssl_ctx, &error))
 		goto error_ssl_2;
 
 	SSL *ssl = SSL_new (ssl_ctx);
 	if (!ssl)
 		goto error_ssl_2;
 
-	struct error *error = NULL;
 	if (!transport_tls_init_cert (s, ssl, &error))
 	{
 		// XXX: is this a reason to abort the connection?
@@ -4028,9 +4033,11 @@ error_ssl_3:
 error_ssl_2:
 	SSL_CTX_free (ssl_ctx);
 error_ssl_1:
-	if (!error_info)
-		error_info = ERR_reason_error_string (ERR_get_error ());
-	error_set (e, "%s: %s", "could not initialize SSL/TLS", error_info);
+	if (!error)
+		error_set (&error, "%s: %s", "Could not initialize TLS",
+			ERR_reason_error_string (ERR_get_error ()));
+
+	error_propagate (e, error);
 	return false;
 }