authorLuke Bratch <luke@bratch.co.uk>2019-06-16 19:31:51 +0100
committerLuke Bratch <luke@bratch.co.uk>2019-06-16 19:31:51 +0100
commitde11f8cdc5817fd2ea79886c4899d2fbe04c94c2 (patch)
tree4e22b67cd007298bd7b5504c0c7a733893854581
parentdb0ab741a43a56ed898112fa09af6e465272cd25 (diff)
Log OpenSSL errors properly instead of printing to stderr.
-rw-r--r--TODO2
-rw-r--r--blabouncer.c10
-rw-r--r--sockets.c19
-rw-r--r--sockets.h3
4 files changed, 28 insertions, 6 deletions
diff --git a/TODO b/TODO
index 081cb0c..4196fcc 100644
--- a/TODO
+++ b/TODO
@@ -8,3 +8,5 @@ Add various auto replay options:
Might need to #include <limits.h> in blabouncer.c to make some operating systems and/or compilers happy.
Load all settings from configuration file at startup instead of referring to it for certain things (password/nick2/nick3).
+
+PROTOCTL NAMESX passed to other clients (perhaps add an in-code TODO to have it as an option as well as multi-prefix CAP).
diff --git a/blabouncer.c b/blabouncer.c
index baf27c6..ff8667a 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -93,9 +93,12 @@ int connecttoircserver(SSL_CTX **serverctx, SSL **server_ssl, int *serversockfd,
*server_ssl = SSL_new(*serverctx);
SSL_set_fd(*server_ssl, *serversockfd);
if (SSL_connect(*server_ssl) == -1) {
- ERR_print_errors_fp(stderr);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "SSL_connect failed - %s", errstr);
+ if (errstr != NULL) free(errstr);
} else {
debugprint(DEBUG_FULL, "SSL_connect() success.\n");
+
}
debugprint(DEBUG_FULL, "server openssl complete.\n");
} else {
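Review bot: The failure test `if (SSL_connect(*server_ssl) == -1)` treats a return of 0 as success, so a handshake that was shut down without completing would still log "SSL_connect() success."; the SSL_accept hunk in this commit already compares with `<= 0`, and the same fits here: `if (SSL_connect(*server_ssl) <= 0) {`. In the added lines `errstr` is handed to `%s` before it is checked, yet openssl_error_string() returns NULL when its calloc fails, which is undefined for a printf-style formatter (assuming debugprint is one); the same pattern appears in the SSL_accept hunk and in create_openssl_context in sockets.c. Passing `errstr ? errstr : "(no OpenSSL error text)"` covers all three sites, and `free(errstr);` needs no NULL guard. From the visible lines, execution carries on to "server openssl complete." after a failed handshake; whether the failure is reported to the caller is decided outside this hunk.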
@@ -704,8 +707,9 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
clients[j].ssl = SSL_new(ctx);
SSL_set_fd(clients[j].ssl, newfd);
if (SSL_accept(clients[j].ssl) <= 0) {
- debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d.\n", clients[j].fd);
- ERR_print_errors_fp(stderr);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d - %s", clients[j].fd, errstr);
+ if (errstr != NULL) free(errstr);
} else {
debugprint(DEBUG_FULL, "SSL_accept succeeded for fd %d.\n", clients[j].fd);
}
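Review bot: The new SSL_accept message depends entirely on the OpenSSL error queue, which can be empty when the handshake fails at the I/O level (peer closed the socket, or a want-read/want-write condition), so the log line may carry no reason at all. Because the `\n` was dropped from the format string, an empty or NULL `errstr` also leaves the line unterminated. Keeping the return value and logging the SSL-level code gives an operator something to triage on: `int ret = SSL_accept(clients[j].ssl);` followed by `debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d, SSL_get_error %d - %s\n", clients[j].fd, SSL_get_error(clients[j].ssl, ret), errstr);`. Whether the client slot is torn down after a failed handshake is not visible here, since dochat continues beyond the hunk.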
diff --git a/sockets.c b/sockets.c
index 9f3563f..bf83176 100644
--- a/sockets.c
+++ b/sockets.c
@@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) {
ctx = SSL_CTX_new(method);
if (!ctx) {
- perror("Unable to create SSL context");
- ERR_print_errors_fp(stderr);
- debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d'.\n", errno);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d', type '%d' - %s", errno, type, errstr);
+ if (errstr != NULL) free(errstr);
exit(EXIT_FAILURE);
}
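Review bot: `errno` is read in the debugprint argument list only after openssl_error_string() has run, and that helper allocates a BIO and calls calloc, either of which may change errno. OpenSSL reports an SSL_CTX_new failure through its own error queue, so the value logged here may be unrelated to the failure in any case. If the number is worth keeping, capture it first with `int saved_errno = errno;` ahead of the `openssl_error_string()` call and log `saved_errno`; otherwise drop it from the message so the log does not point at a stale error.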
@@ -227,3 +227,16 @@ int socksend(SSL *fd, char *buf, int bufsize, int tls) {
return send((long int)fd, buf, bufsize, 0);
}
}
+
+char *openssl_error_string() {
+ BIO *bio = BIO_new (BIO_s_mem ());
+ ERR_print_errors (bio);
+ char *buf = NULL;
+ size_t len = BIO_get_mem_data (bio, &buf);
+ char *ret = (char *)calloc(1, 1 + len);
+ if (ret) {
+ memcpy(ret, buf, len);
+ }
+ BIO_free (bio);
+ return ret;
+}
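Review bot: openssl_error_string() uses the result of `BIO_new` without a NULL check, so under memory pressure, which is exactly when this error path is likely to run, `ERR_print_errors` and `BIO_get_mem_data` receive a NULL BIO. `BIO_get_mem_data` returns a `long`; storing it in a `size_t` turns a negative error return into a huge length that then feeds `calloc(1, 1 + len)` and `memcpy`. With an empty error queue `buf` may still be NULL, and `memcpy` from NULL is undefined even for length 0. The version below checks the BIO, keeps the length signed until validated, skips the copy when there is nothing to copy, and declares the parameter list as `(void)`.
```c
char *openssl_error_string(void) {
    BIO *bio = BIO_new(BIO_s_mem());
    if (bio == NULL) {
        return NULL;
    }
    ERR_print_errors(bio);
    char *buf = NULL;
    long len = BIO_get_mem_data(bio, &buf);
    if (len < 0 || buf == NULL) {
        len = 0;
    }
    char *ret = calloc(1, (size_t)len + 1);
    if (ret != NULL && len > 0) {
        memcpy(ret, buf, (size_t)len);
    }
    BIO_free(bio);
    return ret;
}
```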
diff --git a/sockets.h b/sockets.h
index c1d74c7..4fb6c20 100644
--- a/sockets.h
+++ b/sockets.h
@@ -68,4 +68,7 @@ int sockread(SSL *fd, char *buf, int bufsize, int tls);
// Write to a socket, whether or not using TLS
int socksend(SSL *fd, char *buf, int bufsize, int tls);
+// Return character array of latest OpenSSL error
+char *openssl_error_string();
+
#endif
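Review bot: The header comment for openssl_error_string says it returns the "latest OpenSSL error", but the definition added in sockets.c calls ERR_print_errors, which writes out every queued error and empties the queue, and it returns calloc'd memory that may be NULL. Callers need the ownership rule stated at the declaration, for example `// Return a heap-allocated string of all queued OpenSSL errors (the queue is emptied); caller must free() it, NULL on allocation failure`. The prototype should also be `char *openssl_error_string(void);`, since empty parentheses in C leave the parameters unspecified.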