From 19ff2715b5733c8d476f97c8d1cd7cd95cbd2d9f Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Tue, 19 Aug 2014 20:28:54 +0200
Subject: ZyklonB: better errors on TLS/SSL failure
---
zyklonb.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/zyklonb.c b/zyklonb.c
index f8d931a..8f8bcda 100644
--- a/zyklonb.c
+++ b/zyklonb.c
@@ -270,6 +270,7 @@ irc_send (struct bot_context *ctx, const char *format, ...)
static bool
irc_initialize_ssl (struct bot_context *ctx, struct error **e)
{
+ const char *error_info = NULL;
ctx->ssl_ctx = SSL_CTX_new (SSLv23_client_method ());
if (!ctx->ssl_ctx)
goto error_ssl_1;
@@ -300,8 +301,16 @@ irc_initialize_ssl (struct bot_context *ctx, struct error **e)
goto error_ssl_3;
// Avoid SSL_write() returning SSL_ERROR_WANT_READ
SSL_set_mode (ctx->ssl, SSL_MODE_AUTO_RETRY);
- if (SSL_connect (ctx->ssl) > 0)
+
+ switch (xssl_get_error (ctx->ssl, SSL_connect (ctx->ssl), &error_info))
+ {
+ case SSL_ERROR_NONE:
return true;
+ case SSL_ERROR_ZERO_RETURN:
+ error_info = "server closed the connection";
+ default:
+ break;
+ }
error_ssl_3:
SSL_free (ctx->ssl);
@@ -312,8 +321,9 @@ error_ssl_2:
error_ssl_1:
// XXX: these error strings are really nasty; also there could be
// multiple errors on the OpenSSL stack.
- error_set (e, "%s: %s", "could not initialize SSL",
- ERR_error_string (ERR_get_error (), NULL));
+ if (!error_info)
+ error_info = ERR_error_string (ERR_get_error (), NULL);
+ error_set (e, "%s: %s", "could not initialize SSL", error_info);
return false;
}
--
cgit v1.2.3-70-g09d2