diff options
author | Přemysl Janouch <p.janouch@gmail.com> | 2015-07-15 23:11:12 +0200 |
---|---|---|
committer | Přemysl Janouch <p.janouch@gmail.com> | 2015-07-15 23:11:12 +0200 |
commit | c8496a83d88998ede42f04ce16b1daf6c7d39477 (patch) | |
tree | 2f02915d2f8a104ab7b657147f0fc0385caee122 | |
parent | 6351ff387e74cb24c89eba1be104cc716e2dc371 (diff) | |
download | xK-c8496a83d88998ede42f04ce16b1daf6c7d39477.tar.gz xK-c8496a83d88998ede42f04ce16b1daf6c7d39477.tar.xz xK-c8496a83d88998ede42f04ce16b1daf6c7d39477.zip |
Unfuck OpenSSL error messages
We still take just the first error message in the queue, though.
-rw-r--r-- | degesch.c | 6 | ||||
-rw-r--r-- | kike.c | 13 |
2 files changed, 6 insertions, 13 deletions
@@ -3980,7 +3980,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e) else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM) || !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM)) error_set (e, "%s: %s", "Setting the SSL client certificate failed", - ERR_error_string (ERR_get_error (), NULL)); + ERR_reason_error_string (ERR_get_error ())); else result = true; free (path); @@ -4028,10 +4028,8 @@ error_ssl_3: error_ssl_2: SSL_CTX_free (ssl_ctx); error_ssl_1: - // XXX: these error strings are really nasty; also there could be - // multiple errors on the OpenSSL stack. if (!error_info) - error_info = ERR_error_string (ERR_get_error (), NULL); + error_info = ERR_reason_error_string (ERR_get_error ()); error_set (e, "%s: %s", "could not initialize SSL/TLS", error_info); return false; } @@ -3273,10 +3273,8 @@ error_ssl_2: SSL_free (c->ssl); c->ssl = NULL; error_ssl_1: - // XXX: these error strings are really nasty; also there could be - // multiple errors on the OpenSSL stack. if (!error_info) - error_info = ERR_error_string (ERR_get_error (), NULL); + error_info = ERR_reason_error_string (ERR_get_error ()); print_debug ("could not initialize SSL for %s: %s", c->address, error_info); return false; } @@ -3485,10 +3483,8 @@ irc_initialize_ssl_ctx (struct server_context *ctx, ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ()); if (!ctx->ssl_ctx) { - // XXX: these error strings are really nasty; also there could be - // multiple errors on the OpenSSL stack. error_set (e, "%s: %s", "could not initialize SSL", - ERR_error_string (ERR_get_error (), NULL)); + ERR_reason_error_string (ERR_get_error ())); return false; } SSL_CTX_set_verify (ctx->ssl_ctx, @@ -3515,11 +3511,11 @@ irc_initialize_ssl_ctx (struct server_context *ctx, error_set (e, "failed to select any cipher from the cipher list"); else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path)) error_set (e, "%s: %s", "setting the SSL client certificate failed", - ERR_error_string (ERR_get_error (), NULL)); + ERR_reason_error_string (ERR_get_error ())); else if (!SSL_CTX_use_PrivateKey_file (ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM)) error_set (e, "%s: %s", "setting the SSL private key failed", - ERR_error_string (ERR_get_error (), NULL)); + ERR_reason_error_string (ERR_get_error ())); else // TODO: SSL_CTX_check_private_key()? It has probably already been // checked by SSL_CTX_use_PrivateKey_file() above. @@ -3998,7 +3994,6 @@ main (int argc, char *argv[]) SSL_library_init (); atexit (EVP_cleanup); SSL_load_error_strings (); - // XXX: ERR_load_BIO_strings()? Anything else? atexit (ERR_free_strings); struct server_context ctx; |