Only print the first OpenSSL error
Otherwise TLS autodetection and TLS communication itself seem to work, yay!
This commit is contained in:
parent
d28b722489
commit
e00d2079b5
10
src/kike.c
10
src/kike.c
@ -1082,7 +1082,13 @@ irc_initialize_ssl (struct server_context *ctx)
|
|||||||
|
|
||||||
ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
|
ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
|
||||||
if (!ctx->ssl_ctx)
|
if (!ctx->ssl_ctx)
|
||||||
|
{
|
||||||
|
// XXX: these error strings are really nasty; also there could be
|
||||||
|
// multiple errors on the OpenSSL stack.
|
||||||
|
print_error ("%s: %s", "could not initialize SSL",
|
||||||
|
ERR_error_string (ERR_get_error (), NULL));
|
||||||
goto error_ssl_1;
|
goto error_ssl_1;
|
||||||
|
}
|
||||||
SSL_CTX_set_verify (ctx->ssl_ctx,
|
SSL_CTX_set_verify (ctx->ssl_ctx,
|
||||||
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
|
SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, irc_ssl_verify_callback);
|
||||||
// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
|
// XXX: maybe we should call SSL_CTX_set_options() for some workarounds
|
||||||
@ -1114,10 +1120,6 @@ error_ssl_2:
|
|||||||
SSL_CTX_free (ctx->ssl_ctx);
|
SSL_CTX_free (ctx->ssl_ctx);
|
||||||
ctx->ssl_ctx = NULL;
|
ctx->ssl_ctx = NULL;
|
||||||
error_ssl_1:
|
error_ssl_1:
|
||||||
// XXX: these error strings are really nasty; also there could be
|
|
||||||
// multiple errors on the OpenSSL stack.
|
|
||||||
print_error ("%s: %s", "could not initialize SSL",
|
|
||||||
ERR_error_string (ERR_get_error (), NULL));
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user