Unfuck OpenSSL error messages
We still take just the first error message in the queue, though.
This commit is contained in:
parent
6351ff387e
commit
c8496a83d8
@ -3980,7 +3980,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
|
||||
else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM)
|
||||
|| !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM))
|
||||
error_set (e, "%s: %s", "Setting the SSL client certificate failed",
|
||||
ERR_error_string (ERR_get_error (), NULL));
|
||||
ERR_reason_error_string (ERR_get_error ()));
|
||||
else
|
||||
result = true;
|
||||
free (path);
|
||||
@ -4028,10 +4028,8 @@ error_ssl_3:
|
||||
error_ssl_2:
|
||||
SSL_CTX_free (ssl_ctx);
|
||||
error_ssl_1:
|
||||
// XXX: these error strings are really nasty; also there could be
|
||||
// multiple errors on the OpenSSL stack.
|
||||
if (!error_info)
|
||||
error_info = ERR_error_string (ERR_get_error (), NULL);
|
||||
error_info = ERR_reason_error_string (ERR_get_error ());
|
||||
error_set (e, "%s: %s", "could not initialize SSL/TLS", error_info);
|
||||
return false;
|
||||
}
|
||||
|
13
kike.c
13
kike.c
@ -3273,10 +3273,8 @@ error_ssl_2:
|
||||
SSL_free (c->ssl);
|
||||
c->ssl = NULL;
|
||||
error_ssl_1:
|
||||
// XXX: these error strings are really nasty; also there could be
|
||||
// multiple errors on the OpenSSL stack.
|
||||
if (!error_info)
|
||||
error_info = ERR_error_string (ERR_get_error (), NULL);
|
||||
error_info = ERR_reason_error_string (ERR_get_error ());
|
||||
print_debug ("could not initialize SSL for %s: %s", c->address, error_info);
|
||||
return false;
|
||||
}
|
||||
@ -3485,10 +3483,8 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
|
||||
ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
|
||||
if (!ctx->ssl_ctx)
|
||||
{
|
||||
// XXX: these error strings are really nasty; also there could be
|
||||
// multiple errors on the OpenSSL stack.
|
||||
error_set (e, "%s: %s", "could not initialize SSL",
|
||||
ERR_error_string (ERR_get_error (), NULL));
|
||||
ERR_reason_error_string (ERR_get_error ()));
|
||||
return false;
|
||||
}
|
||||
SSL_CTX_set_verify (ctx->ssl_ctx,
|
||||
@ -3515,11 +3511,11 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
|
||||
error_set (e, "failed to select any cipher from the cipher list");
|
||||
else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
|
||||
error_set (e, "%s: %s", "setting the SSL client certificate failed",
|
||||
ERR_error_string (ERR_get_error (), NULL));
|
||||
ERR_reason_error_string (ERR_get_error ()));
|
||||
else if (!SSL_CTX_use_PrivateKey_file
|
||||
(ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM))
|
||||
error_set (e, "%s: %s", "setting the SSL private key failed",
|
||||
ERR_error_string (ERR_get_error (), NULL));
|
||||
ERR_reason_error_string (ERR_get_error ()));
|
||||
else
|
||||
// TODO: SSL_CTX_check_private_key()? It has probably already been
|
||||
// checked by SSL_CTX_use_PrivateKey_file() above.
|
||||
@ -3998,7 +3994,6 @@ main (int argc, char *argv[])
|
||||
SSL_library_init ();
|
||||
atexit (EVP_cleanup);
|
||||
SSL_load_error_strings ();
|
||||
// XXX: ERR_load_BIO_strings()? Anything else?
|
||||
atexit (ERR_free_strings);
|
||||
|
||||
struct server_context ctx;
|
||||
|
Loading…
Reference in New Issue
Block a user