authorPřemysl Eric Janouch <p@janouch.name>2020-10-20 01:55:46 +0200
committerPřemysl Eric Janouch <p@janouch.name>2020-10-20 01:55:46 +0200
commit383f6af344b07a4bc8f510310aaed5eb54f61033 (patch)
treedc3ee6ed541edf7b1b8d19b9e049b0fa59fcb630 /zyklonb.c
parent13c85aa3614ace6aff2e1614a4ca9da5fab33b81 (diff)
Improve OpenSSL integration
Ensure the error stack is cleared after errors are processed. Also handle NULL returns safely. Makes the debug mode spew more data, though almost none of the contexts is in reaction to network peer data.
Diffstat (limited to 'zyklonb.c')
-rw-r--r--zyklonb.c12
1 files changed, 5 insertions, 7 deletions
diff --git a/zyklonb.c b/zyklonb.c
index d8417c5..0d27758 100644
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -280,7 +280,7 @@ irc_send (struct bot_context *ctx, const char *format, ...)
if (SSL_write (ctx->ssl, str.str, str.len) != (int) str.len)
{
print_debug ("%s: %s: %s", __func__, "SSL_write",
- ERR_error_string (ERR_get_error (), NULL));
+ xerr_describe_error ());
result = false;
}
}
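Review bot: The failure branch of `SSL_write` in `irc_send` reports only the thread's error queue, but the reason a TLS write failed or came up short is given by `SSL_get_error()`, and for `SSL_ERROR_SYSCALL` or `SSL_ERROR_WANT_WRITE` the queue can be empty. Keep the return value, `int n = SSL_write (ctx->ssl, str.str, str.len);`, and add `SSL_get_error (ctx->ssl, n)` to the `print_debug` line next to `xerr_describe_error ()`. `xerr_describe_error` is defined outside this diff, so what it returns for an empty queue cannot be checked here. The `(int) str.len` cast in the comparison would also truncate if the buffer ever exceeded `INT_MAX`; the body of `irc_send` starts outside the hunk.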
@@ -320,13 +320,13 @@ irc_initialize_ca_set (SSL_CTX *ssl_ctx, const char *file, const char *path,
return error_set (e, "%s: %s",
"failed to set locations for the CA certificate bundle",
- ERR_reason_error_string (ERR_get_error ()));
+ xerr_describe_error ());
}
if (!SSL_CTX_set_default_verify_paths (ssl_ctx))
return error_set (e, "%s: %s",
"couldn't load the default CA certificate bundle",
- ERR_reason_error_string (ERR_get_error ()));
+ xerr_describe_error ());
return true;
}
@@ -407,7 +407,7 @@ irc_initialize_tls (struct bot_context *ctx, struct error **e)
else if (!SSL_use_certificate_file (ctx->ssl, path, SSL_FILETYPE_PEM)
|| !SSL_use_PrivateKey_file (ctx->ssl, path, SSL_FILETYPE_PEM))
print_error ("%s: %s", "setting the TLS client certificate failed",
- ERR_error_string (ERR_get_error (), NULL));
+ xerr_describe_error ());
free (path);
}
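Review bot: A client certificate that fails to load is only reported through `print_error` here, and as far as the hunk shows the code goes on to `free (path)` without failing, so the bot would connect without the identity the operator configured. If that soft failure is deliberate, say so in a comment such as `// Not fatal: we continue without a client certificate`; otherwise set `error_info` and jump to the cleanup labels. The message also does not say whether `SSL_use_certificate_file` or `SSL_use_PrivateKey_file` failed, which splitting the `||` into two checks would fix. The rest of `irc_initialize_tls` is outside the hunk, so later handling cannot be ruled out.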
@@ -434,10 +434,8 @@ error_ssl_2:
SSL_CTX_free (ctx->ssl_ctx);
ctx->ssl_ctx = NULL;
error_ssl_1:
- // XXX: these error strings are really nasty; also there could be
- // multiple errors on the OpenSSL stack.
if (!error_info)
- error_info = ERR_error_string (ERR_get_error (), NULL);
+ error_info = xerr_describe_error ();
return error_set (e, "%s: %s", "could not initialize TLS", error_info);
}
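Review bot: When `error_info` is already set on reaching `error_ssl_1`, `xerr_describe_error ()` is skipped, so any entries OpenSSL queued on that path stay on the thread's error stack and can surface in a later, unrelated report, which is what the commit description sets out to prevent. Adding `else ERR_clear_error ();` after the `if` would drain the queue on both paths. This assumes the helper, which is defined outside this diff, is what clears the queue. The deleted XXX comment also noted that several errors may be queued; a one-line comment saying how the helper handles that case would keep the reasoning next to the code.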