summaryrefslogtreecommitdiff
path: root/kike.c
diff options
context:
space:
mode:
authorPřemysl Eric Janouch <p@janouch.name>2020-10-20 01:55:46 +0200
committerPřemysl Eric Janouch <p@janouch.name>2020-10-20 01:55:46 +0200
commit383f6af344b07a4bc8f510310aaed5eb54f61033 (patch)
treedc3ee6ed541edf7b1b8d19b9e049b0fa59fcb630 /kike.c
parent13c85aa3614ace6aff2e1614a4ca9da5fab33b81 (diff)
downloadxK-383f6af344b07a4bc8f510310aaed5eb54f61033.tar.gz
xK-383f6af344b07a4bc8f510310aaed5eb54f61033.tar.xz
xK-383f6af344b07a4bc8f510310aaed5eb54f61033.zip
Improve OpenSSL integration
Ensure the error stack is cleared after errors are processed. Also handle NULL returns safely. Makes the debug mode spew more data, though almost none of the contexts is in reaction to network peer data.
Diffstat (limited to 'kike.c')
-rw-r--r--kike.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/kike.c b/kike.c
index 1cb6091..1e344a8 100644
--- a/kike.c
+++ b/kike.c
@@ -3261,7 +3261,7 @@ error_ssl_3:
SSL_free (c->ssl);
c->ssl = NULL;
error_ssl_2:
- error_info = ERR_reason_error_string (ERR_get_error ());
+ error_info = xerr_describe_error ();
error_ssl_1:
print_debug ("could not initialize TLS for %s: %s", c->address, error_info);
return false;
@@ -3540,7 +3540,7 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
if (!ctx->ssl_ctx)
{
error_set (e, "%s: %s", "could not initialize TLS",
- ERR_reason_error_string (ERR_get_error ()));
+ xerr_describe_error ());
return false;
}
SSL_CTX_set_verify (ctx->ssl_ctx,
@@ -3570,11 +3570,11 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
error_set (e, "failed to select any cipher from the cipher list");
else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
error_set (e, "%s: %s", "setting the TLS certificate failed",
- ERR_reason_error_string (ERR_get_error ()));
+ xerr_describe_error ());
else if (!SSL_CTX_use_PrivateKey_file
(ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM))
error_set (e, "%s: %s", "setting the TLS private key failed",
- ERR_reason_error_string (ERR_get_error ()));
+ xerr_describe_error ());
else
// TODO: SSL_CTX_check_private_key()? It has probably already been
// checked by SSL_CTX_use_PrivateKey_file() above.