From 383f6af344b07a4bc8f510310aaed5eb54f61033 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Eric=20Janouch?= <p@janouch.name>
Date: Tue, 20 Oct 2020 01:55:46 +0200
Subject: Improve OpenSSL integration

Ensure the error stack is cleared after errors are processed.

Also handle NULL returns safely.

Makes the debug mode spew more data, though almost none of
the contexts is in reaction to network peer data.
---
 common.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'common.c')

diff --git a/common.c b/common.c
index 0837188..24077a6 100644
--- a/common.c
+++ b/common.c
@@ -50,6 +50,30 @@ init_openssl (void)
 
 // --- To be moved to liberty --------------------------------------------------
 
+// FIXME: in xssl_get_error() we rely on error reasons never being NULL (i.e.,
+//   all loaded), which isn't very robust.
+// TODO: check all places where this is used and see if we couldn't gain better
+//   information by piecing together some other subset of data from the error
+//   stack.  Most often, this is used in an error_set() context, which would
+//   allow us to allocate memory instead of returning static strings.
+static const char *
+xerr_describe_error (void)
+{
+	unsigned long err = ERR_get_error ();
+	if (!err)
+		return "undefined error";
+
+	const char *reason = ERR_reason_error_string (err);
+	do
+		// Not thread-safe, not a concern right now--need a buffer
+		print_debug ("%s", ERR_error_string (err, NULL));
+	while ((err = ERR_get_error ()));
+
+	if (!reason)
+		return "cannot retrieve error description";
+	return reason;
+}
+
 static ssize_t
 strv_find (const struct strv *v, const char *s)
 {
-- 
cgit v1.2.3