From 19ff2715b5733c8d476f97c8d1cd7cd95cbd2d9f Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Tue, 19 Aug 2014 20:28:54 +0200
Subject: ZyklonB: better errors on TLS/SSL failure

---
 zyklonb.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/zyklonb.c b/zyklonb.c
index f8d931a..8f8bcda 100644
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -270,6 +270,7 @@ irc_send (struct bot_context *ctx, const char *format, ...)
 static bool
 irc_initialize_ssl (struct bot_context *ctx, struct error **e)
 {
+ const char *error_info = NULL;
 ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
 if (!ctx->ssl_ctx)
 goto error_ssl_1;
@@ -300,8 +301,16 @@ irc_initialize_ssl (struct bot_context *ctx, struct error **e)
 goto error_ssl_3;
 // Avoid SSL_write() returning SSL_ERROR_WANT_READ
 SSL_set_mode (ctx->ssl, SSL_MODE_AUTO_RETRY);
- if (SSL_connect (ctx->ssl) > 0)
+
+ switch (xssl_get_error (ctx->ssl, SSL_connect (ctx->ssl), &error_info))
+ {
+ case SSL_ERROR_NONE:
 return true;
+ case SSL_ERROR_ZERO_RETURN:
+ error_info = "server closed the connection";
+ default:
+ break;
+ }

 error_ssl_3:
 SSL_free (ctx->ssl);
@@ -312,8 +321,9 @@ error_ssl_2:
 error_ssl_1:
 // XXX: these error strings are really nasty; also there could be
 // multiple errors on the OpenSSL stack.
- error_set (e, "%s: %s", "could not initialize SSL",
- ERR_error_string (ERR_get_error (), NULL));
+ if (!error_info)
+ error_info = ERR_error_string (ERR_get_error (), NULL);
+ error_set (e, "%s: %s", "could not initialize SSL", error_info);
 return false;
 }

-- 
cgit v1.2.3-70-g09d2
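Review bot: In the second hunk, `case SSL_ERROR_ZERO_RETURN:` runs straight into `default:` with no `break` and no marker, so a reader cannot tell whether the fall-through is intended, and compilers with implicit-fallthrough warnings enabled will flag it. Either end the case with an explicit `break;` or add a `// Fall through` comment after the `error_info = "server closed the connection";` assignment. The literal also replaces whatever text `xssl_get_error` stored in `error_info`; if that is deliberate, a short comment saying so would help. The body of `irc_initialize_ssl` starts and ends outside this hunk.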
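Review bot: In the third hunk, once `error_info` has been set the `error_ssl_1` path no longer calls `ERR_get_error ()`, so any entries the failed handshake left on OpenSSL's per-thread error queue stay there after the function returns. OpenSSL documents that `SSL_get_error()` is only reliable when the queue is empty before the TLS I/O call, so stale entries could be misattributed to a later connection attempt. Unless `xssl_get_error` (defined outside this patch) already drains the queue, add `ERR_clear_error ();` just before `return false;`. That would also address the existing XXX remark about multiple errors on the stack. The function begins outside this hunk.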