# HG changeset patch
# User Timo Sirainen
# Date 1449136691 -7200
# Node ID 77990d0b1a420b393ac42be338f7b83e6e7d7f48
# Parent 151df65d2de5115f94a9f9c5f1ecc725d218c78d
login-common: Use openssl_iostream_*error() to avoid code duplication.
diff -r 151df65d2de5 -r 77990d0b1a42 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Thu Dec 03 11:55:33 2015 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Thu Dec 03 11:58:11 2015 +0200
@@ -381,42 +381,6 @@
 ssl_proxy_unref(proxy);
 }
-static const char *ssl_err2str(unsigned long err, const char *data, int flags)
-{
- const char *ret;
- char *buf;
- size_t err_size = 256;
-
- buf = t_malloc(err_size);
- buf[err_size-1] = '\0';
- ERR_error_string_n(err, buf, err_size-1);
- ret = buf;
-
- if ((flags & ERR_TXT_STRING) != 0)
- ret = t_strdup_printf("%s: %s", buf, data);
- return ret;
-}
-
-static const char *ssl_last_error(void)
-{
- unsigned long err;
- const char *data;
- int flags;
-
- err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
- while (err != 0 && ERR_peek_error() != 0) {
- i_error("SSL: Stacked error: %s",
- ssl_err2str(err, data, flags));
- err = ERR_get_error();
- }
- if (err == 0) {
- if (errno != 0)
- return strerror(errno);
- return "Unknown error";
- }
- return ssl_err2str(err, data, flags);
-}
-
 static void ssl_handle_error(struct ssl_proxy *proxy, int ret,
 const char *func_name)
 {
@@ -438,7 +402,7 @@
 case SSL_ERROR_SYSCALL:
 /* eat up the error queue */
 if (ERR_peek_error() != 0)
- errstr = ssl_last_error();
+ errstr = openssl_iostream_error();
 else if (ret != 0)
 errstr = strerror(errno);
 else {
@@ -460,11 +424,11 @@
 login_binary->process_name);
 }
 errstr = t_strdup_printf("%s failed: %s",
- func_name, ssl_last_error());
+ func_name, openssl_iostream_error());
 break;
 default:
 errstr = t_strdup_printf("%s failed: unknown failure %d (%s)",
- func_name, err, ssl_last_error());
+ func_name, err, openssl_iostream_error());
 break;
 }
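Review bot: The `/* eat up the error queue */` comment in the SSL_ERROR_SYSCALL branch now relies on `openssl_iostream_error()` emptying OpenSSL's per-thread error queue, and that helper is not shown in this diff. The removed `ssl_last_error()` kept popping entries until `ERR_peek_error()` returned 0 and logged each extra one with `i_error("SSL: Stacked error: %s", ...)`. If the shared helper leaves entries queued, a later error check for a different connection in the same process could pick up a stale entry, and if it logs fewer of them, diagnostics are lost. I would confirm this in the helper and make the comment say so, e.g. `/* eat up the error queue; openssl_iostream_error() must leave it empty */`. ssl_handle_error() and this switch continue outside the hunk.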
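Review bot: The `default:` branch calls `openssl_iostream_error()` without the `ERR_peek_error() != 0` guard that the SSL_ERROR_SYSCALL branch in the @@ -438 hunk uses. With an empty queue the removed `ssl_last_error()` returned `strerror(errno)` or "Unknown error", and errno may be stale at that point, so the text in parentheses could describe an unrelated failure. Whether the shared helper has the same fallback is not visible here; once confirmed, a comment such as `/* the queue may be empty here; the helper then falls back to errno */` above the call would tell log readers how far to trust that part of the message. The switch starts outside the hunk.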
@@ -594,12 +558,12 @@
 ssl = SSL_new(ssl_ctx);
 if (ssl == NULL) {
- i_error("SSL_new() failed: %s", ssl_last_error());
+ i_error("SSL_new() failed: %s", openssl_iostream_error());
 return -1;
 }
 if (SSL_set_fd(ssl, fd) != 1) {
- i_error("SSL_set_fd() failed: %s", ssl_last_error());
+ i_error("SSL_set_fd() failed: %s", openssl_iostream_error());
 SSL_free(ssl);
 return -1;
 }
@@ -991,7 +955,7 @@
 i_fatal("BIO_new_mem_buf() failed");
 inf = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
 if (inf == NULL)
- i_fatal("Couldn't parse ssl_ca: %s", ssl_last_error());
+ i_fatal("Couldn't parse ssl_ca: %s", openssl_iostream_error());
 BIO_free(bio);
 if (xnames_r != NULL) {
@@ -1123,7 +1087,7 @@
 err = ERR_peek_error();
 if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
 ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
- return ssl_last_error();
+ return openssl_iostream_error();
 else if (is_pem_key(cert)) {
 return "The file contains a private key "
 "(you've mixed ssl_cert and ssl_key settings)";
@@ -1135,17 +1099,6 @@
 }
 }
-static const char *ssl_key_load_error(void)
-{
- unsigned long err = ERR_peek_error();
-
- if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
- ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
- return "Key is for a different cert than ssl_cert";
- else
- return ssl_last_error();
-}
-
 static EVP_PKEY * ATTR_NULL(2)
 ssl_proxy_load_key(const char *key, const char *password)
 {
@@ -1162,7 +1115,7 @@
 dup_password);
 if (pkey == NULL) {
 i_fatal("Couldn't parse private ssl_key: %s",
- ssl_key_load_error());
+ openssl_iostream_key_load_error());
 }
 BIO_free(bio);
 return pkey;
@@ -1179,7 +1132,7 @@
 getenv(MASTER_SSL_KEY_PASSWORD_ENV);
 pkey = ssl_proxy_load_key(set->ssl_key, password);
 if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1)
- i_fatal("Can't load private ssl_key: %s", ssl_key_load_error());
+ i_fatal("Can't load private ssl_key: %s", openssl_iostream_key_load_error());
 EVP_PKEY_free(pkey);
 }
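Review bot: The fatal message `"Couldn't parse private ssl_key: %s"` hard-codes the `ssl_key` setting, but the @@ -1370 hunk calls `ssl_proxy_load_key(set->ssl_client_key, NULL)`, so an unparsable client key is reported under the wrong setting name. The removed `ssl_key_load_error()` had the same problem with "Key is for a different cert than ssl_cert"; whether `openssl_iostream_key_load_error()` keeps that wording is not visible in this diff. A setting-neutral first line such as `i_fatal("Couldn't parse private SSL key: %s",` would stop pointing an administrator at the wrong key file. ssl_proxy_load_key() begins outside the hunk.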
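Review bot: The new `i_fatal("Can't load private ssl_key: %s", openssl_iostream_key_load_error());` line is 77 characters before any indentation, so as the body of the `if` it runs past 80 columns. It is also the only key-loading call site in this patch left unwrapped and unbraced; the @@ -1162 and @@ -1370 hunks put the helper call on a continuation line inside `{ }`. Wrapping it the same way, with `openssl_iostream_key_load_error());` on its own line and braces around the `i_fatal()`, keeps the three sites consistent. The enclosing function starts outside the hunk.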
@@ -1316,7 +1269,7 @@
 if (SSL_CTX_set_cipher_list(ssl_ctx, ctx->cipher_list) != 1) {
 i_fatal("Can't set cipher list to '%s': %s",
- ctx->cipher_list, ssl_last_error());
+ ctx->cipher_list, openssl_iostream_error());
 }
 if (ctx->prefer_server_ciphers)
 SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
@@ -1370,7 +1323,7 @@
 pkey = ssl_proxy_load_key(set->ssl_client_key, NULL);
 if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
 i_fatal("Can't load private ssl_client_key: %s",
- ssl_key_load_error());
+ openssl_iostream_key_load_error());
 }
 EVP_PKEY_free(pkey);
 }