diff options
author | Luke Bratch <luke@bratch.co.uk> | 2019-06-16 19:31:51 +0100 |
---|---|---|
committer | Luke Bratch <luke@bratch.co.uk> | 2019-06-16 19:31:51 +0100 |
commit | de11f8cdc5817fd2ea79886c4899d2fbe04c94c2 (patch) | |
tree | 4e22b67cd007298bd7b5504c0c7a733893854581 | |
parent | db0ab741a43a56ed898112fa09af6e465272cd25 (diff) |
Log OpenSSL errors properly instead of printing to stderr.
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | blabouncer.c | 10 | ||||
-rw-r--r-- | sockets.c | 19 | ||||
-rw-r--r-- | sockets.h | 3 |
4 files changed, 28 insertions, 6 deletions
@@ -8,3 +8,5 @@ Add various auto replay options: Might need to #include <limits.h> in blabouncer.c to make some operating systems and/or compilers happy. Load all settings from configuration file at startup instead of referring to it for certain things (password/nick2/nick3). + +PROTOCTL NAMESX passed to other clients (perhaps add an in-code TODO to have it as an option as well as multi-prefix CAP). diff --git a/blabouncer.c b/blabouncer.c index baf27c6..ff8667a 100644 --- a/blabouncer.c +++ b/blabouncer.c @@ -93,9 +93,12 @@ int connecttoircserver(SSL_CTX **serverctx, SSL **server_ssl, int *serversockfd, *server_ssl = SSL_new(*serverctx); SSL_set_fd(*server_ssl, *serversockfd); if (SSL_connect(*server_ssl) == -1) { - ERR_print_errors_fp(stderr); + char* errstr = openssl_error_string(); + debugprint(DEBUG_CRIT, "SSL_connect failed - %s", errstr); + if (errstr != NULL) free(errstr); } else { debugprint(DEBUG_FULL, "SSL_connect() success.\n"); + } debugprint(DEBUG_FULL, "server openssl complete.\n"); } else { @@ -704,8 +707,9 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) { clients[j].ssl = SSL_new(ctx); SSL_set_fd(clients[j].ssl, newfd); if (SSL_accept(clients[j].ssl) <= 0) { - debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d.\n", clients[j].fd); - ERR_print_errors_fp(stderr); + char* errstr = openssl_error_string(); + debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d - %s", clients[j].fd, errstr); + if (errstr != NULL) free(errstr); } else { debugprint(DEBUG_FULL, "SSL_accept succeeded for fd %d.\n", clients[j].fd); } @@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) { ctx = SSL_CTX_new(method); if (!ctx) { - perror("Unable to create SSL context"); - ERR_print_errors_fp(stderr); - debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d'.\n", errno); + char* errstr = openssl_error_string(); + debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d', type '%d' - %s", errno, type, errstr); + if (errstr != NULL) free(errstr); exit(EXIT_FAILURE); } @@ -227,3 +227,16 @@ int socksend(SSL *fd, char *buf, int bufsize, int tls) { return send((long int)fd, buf, bufsize, 0); } } + +char *openssl_error_string() { + BIO *bio = BIO_new (BIO_s_mem ()); + ERR_print_errors (bio); + char *buf = NULL; + size_t len = BIO_get_mem_data (bio, &buf); + char *ret = (char *)calloc(1, 1 + len); + if (ret) { + memcpy(ret, buf, len); + } + BIO_free (bio); + return ret; +} @@ -68,4 +68,7 @@ int sockread(SSL *fd, char *buf, int bufsize, int tls); // Write to a socket, whether or not using TLS int socksend(SSL *fd, char *buf, int bufsize, int tls); +// Return character array of latest OpenSSL error +char *openssl_error_string(); + #endif |