changeset 19450:be47ca42cbc4
lib-ssl-iostream: Moved openssl_iostream_*error() to -common.c
login-common code only links with this file, so that's required for the
previous changes to actually work.
author | Timo Sirainen <tss@iki.fi> |
date | Thu, 03 Dec 2015 12:22:24 +0200 |
parents | 302c3c7e11f8 |
children | 0cb2c54fa452 |
files | src/lib-ssl-iostream/iostream-openssl-common.c src/lib-ssl-iostream/iostream-openssl-context.c |
diffstat | 2 files changed, 75 insertions(+), 74 deletions(-) [+] |
--- a/src/lib-ssl-iostream/iostream-openssl-common.c Thu Dec 03 12:19:12 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-common.c Thu Dec 03 12:22:24 2015 +0200
@@ -4,6 +4,7 @@
 #include "iostream-openssl.h"
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 enum {
 DOVECOT_SSL_PROTO_SSLv2 = 0x01,
@@ -165,3 +166,77 @@
 X509_free(cert);
 return ret;
 }
+
+static const char *ssl_err2str(unsigned long err, const char *data, int flags)
+{
+ const char *ret;
+ char *buf;
+ size_t err_size = 256;
+
+ buf = t_malloc(err_size);
+ buf[err_size-1] = '\0';
+ ERR_error_string_n(err, buf, err_size-1);
+ ret = buf;
+
+ if ((flags & ERR_TXT_STRING) != 0)
+ ret = t_strdup_printf("%s: %s", buf, data);
+ return ret;
+}
+
+const char *openssl_iostream_error(void)
+{
+ unsigned long err;
+ const char *data;
+ int flags;
+
+ while ((err = ERR_get_error_line_data(NULL, NULL, &data, &flags)) != 0) {
+ if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
+ i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
+ if (ERR_peek_error() != 0)
+ break;
+ i_error("SSL: Stacked error: %s",
+ ssl_err2str(err, data, flags));
+ }
+ if (err == 0) {
+ if (errno != 0)
+ return strerror(errno);
+ return "Unknown error";
+ }
+ return ssl_err2str(err, data, flags);
+}
+
+const char *openssl_iostream_key_load_error(void)
+{
+ unsigned long err = ERR_peek_error();
+
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
+ return "Key is for a different cert than ssl_cert";
+ else
+ return openssl_iostream_error();
+}
+
+static bool is_pem_key(const char *cert)
+{
+ return strstr(cert, "PRIVATE KEY---") != NULL;
+}
+
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
+{
+ unsigned long err;
+
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
+ ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
+ return openssl_iostream_error();
+ else if (is_pem_key(cert)) {
+ return "The file contains a private key "
+ "(you've mixed ssl_cert and ssl_key settings)";
+ } else if (set_name != NULL && strchr(cert, '\n') == NULL) {
+ return t_strdup_printf("There is no valid PEM certificate. "
+ "(You probably forgot '<' from %s=<%s)", set_name, cert);
+ } else {
+ return "There is no valid PEM certificate.";
+ }
+}
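Review bot: In openssl_iostream_error() the break condition `if (ERR_peek_error() != 0) break;` looks inverted: with exactly one queued OpenSSL error, ERR_peek_error() returns 0 once that error has been popped, so it is logged as "SSL: Stacked error", the loop iterates once more and hits err == 0, and the caller receives strerror(errno) or "Unknown error" instead of the real message. Breaking when nothing is left on the queue, `if (ERR_peek_error() == 0) break;`, returns the last error and logs only the earlier ones as stacked, which is what the surrounding code seems to intend. This is moved rather than new code in this commit, but it is now the copy login-common links against, so it is worth fixing here. The `errno` fallback also reports whatever errno happens to hold, which may be unrelated to the failing SSL call; a short comment such as `/* errno is only meaningful if the caller's last syscall failed */` would make that limitation visible to callers.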
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 12:19:12 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 12:22:24 2015 +0200
@@ -28,55 +28,6 @@
 static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
 const char **error_r);
-static const char *ssl_err2str(unsigned long err, const char *data, int flags)
-{
- const char *ret;
- char *buf;
- size_t err_size = 256;
-
- buf = t_malloc(err_size);
- buf[err_size-1] = '\0';
- ERR_error_string_n(err, buf, err_size-1);
- ret = buf;
-
- if ((flags & ERR_TXT_STRING) != 0)
- ret = t_strdup_printf("%s: %s", buf, data);
- return ret;
-}
-
-const char *openssl_iostream_error(void)
-{
- unsigned long err;
- const char *data;
- int flags;
-
- while ((err = ERR_get_error_line_data(NULL, NULL, &data, &flags)) != 0) {
- if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
- i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
- if (ERR_peek_error() != 0)
- break;
- i_error("SSL: Stacked error: %s",
- ssl_err2str(err, data, flags));
- }
- if (err == 0) {
- if (errno != 0)
- return strerror(errno);
- return "Unknown error";
- }
- return ssl_err2str(err, data, flags);
-}
-
-const char *openssl_iostream_key_load_error(void)
-{
- unsigned long err = ERR_peek_error();
-
- if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
- ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
- return "Key is for a different cert than ssl_cert";
- else
- return openssl_iostream_error();
-}
-
 static RSA *ssl_gen_rsa_key(SSL *ssl ATTR_UNUSED, int is_export ATTR_UNUSED,
 int keylength)
 {
@@ -169,31 +120,6 @@
 return ret;
 }
-static bool is_pem_key(const char *cert)
-{
- return strstr(cert, "PRIVATE KEY---") != NULL;
-}
-
-const char *
-openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
-{
- unsigned long err;
-
- err = ERR_peek_error();
- if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
- ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
- return openssl_iostream_error();
- else if (is_pem_key(cert)) {
- return "The file contains a private key "
- "(you've mixed ssl_cert and ssl_key settings)";
- } else if (set_name != NULL && strchr(cert, '\n') == NULL) {
- return t_strdup_printf("There is no valid PEM certificate. "
- "(You probably forgot '<' from %s=<%s)", set_name, cert);
- } else {
- return "There is no valid PEM certificate.";
- }
-}
-
 static int ssl_ctx_use_certificate_chain(SSL_CTX *ctx, const char *cert)
 {
 /* mostly just copy&pasted from SSL_CTX_use_certificate_chain_file() */