From de11f8cdc5817fd2ea79886c4899d2fbe04c94c2 Mon Sep 17 00:00:00 2001
From: Luke Bratch
Date: Sun, 16 Jun 2019 19:31:51 +0100
Subject: Log OpenSSL errors properly instead of printing to stderr.
---
 TODO | 2 ++
 blabouncer.c | 10 +++++++---
 sockets.c | 19 ++++++++++++++++---
 sockets.h | 3 +++
 4 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/TODO b/TODO
index 081cb0c..4196fcc 100644
--- a/TODO
+++ b/TODO
@@ -8,3 +8,5 @@ Add various auto replay options:
 Might need to #include in blabouncer.c to make some operating systems and/or compilers happy.
 Load all settings from configuration file at startup instead of referring to it for certain things (password/nick2/nick3).
+
+PROTOCTL NAMESX passed to other clients (perhaps add an in-code TODO to have it as an option as well as multi-prefix CAP).
diff --git a/blabouncer.c b/blabouncer.c
index baf27c6..ff8667a 100644
--- a/blabouncer.c
+++ b/blabouncer.c
@@ -93,9 +93,12 @@ int connecttoircserver(SSL_CTX **serverctx, SSL **server_ssl, int *serversockfd,
 *server_ssl = SSL_new(*serverctx);
 SSL_set_fd(*server_ssl, *serversockfd);
 if (SSL_connect(*server_ssl) == -1) {
- ERR_print_errors_fp(stderr);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "SSL_connect failed - %s", errstr);
+ if (errstr != NULL) free(errstr);
 } else {
 debugprint(DEBUG_FULL, "SSL_connect() success.\n");
+
 }
 debugprint(DEBUG_FULL, "server openssl complete.\n");
 } else {
@@ -704,8 +707,9 @@ void dochat(int *serversockfd, int *clientsockfd, struct settings *settings) {
 clients[j].ssl = SSL_new(ctx);
 SSL_set_fd(clients[j].ssl, newfd);
 if (SSL_accept(clients[j].ssl) <= 0) {
- debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d.\n", clients[j].fd);
- ERR_print_errors_fp(stderr);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "SSL_accept failed for fd %d - %s", clients[j].fd, errstr);
+ if (errstr != NULL) free(errstr);
 } else {
 debugprint(DEBUG_FULL, "SSL_accept succeeded for fd %d.\n", clients[j].fd);
 }
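Review bot: `debugprint(DEBUG_CRIT, "SSL_connect failed - %s", errstr);` hands errstr to `%s` even though openssl_error_string() returns NULL when its allocation fails (the very next line already guards `free` against that case), and a NULL `%s` argument is undefined behavior if debugprint forwards to the vprintf family — use a fallback such as `debugprint(DEBUG_CRIT, "SSL_connect failed - %s", errstr ? errstr : "(no OpenSSL error string)");`. The same pattern appears in the SSL_accept hunk below (dochat) and in the SSL_CTX_new hunk of sockets.c (create_openssl_context). The `if (errstr != NULL)` guard before `free` is redundant since `free(NULL)` is a no-op, and the new messages drop the trailing `\n` that every neighbouring debugprint call carries, presumably relying on ERR_print_errors' own newline, which is absent when the error queue is empty. The unchanged condition `SSL_connect(*server_ssl) == -1` also misses the 0 return that the SSL_accept hunk handles with `<= 0`; connecttoircserver continues outside the hunk.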
diff --git a/sockets.c b/sockets.c
index 9f3563f..bf83176 100644
--- a/sockets.c
+++ b/sockets.c
@@ -173,9 +173,9 @@ SSL_CTX *create_openssl_context(int type) {
 ctx = SSL_CTX_new(method);
 if (!ctx) {
- perror("Unable to create SSL context");
- ERR_print_errors_fp(stderr);
- debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d'.\n", errno);
+ char* errstr = openssl_error_string();
+ debugprint(DEBUG_CRIT, "Unable to create SSL context, errno '%d', type '%d' - %s", errno, type, errstr);
+ if (errstr != NULL) free(errstr);
 exit(EXIT_FAILURE);
 }
@@ -227,3 +227,16 @@ int socksend(SSL *fd, char *buf, int bufsize, int tls) {
 return send((long int)fd, buf, bufsize, 0);
 }
 }
+
+char *openssl_error_string() {
+ BIO *bio = BIO_new (BIO_s_mem ());
+ ERR_print_errors (bio);
+ char *buf = NULL;
+ size_t len = BIO_get_mem_data (bio, &buf);
+ char *ret = (char *)calloc(1, 1 + len);
+ if (ret) {
+ memcpy(ret, buf, len);
+ }
+ BIO_free (bio);
+ return ret;
+}
diff --git a/sockets.h b/sockets.h
index c1d74c7..4fb6c20 100644
--- a/sockets.h
+++ b/sockets.h
@@ -68,4 +68,7 @@ int sockread(SSL *fd, char *buf, int bufsize, int tls);
 // Write to a socket, whether or not using TLS
 int socksend(SSL *fd, char *buf, int bufsize, int tls);
+// Return character array of latest OpenSSL error
+char *openssl_error_string();
+
 #endif
-- 
cgit v1.2.3
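Review bot: `BIO_new (BIO_s_mem ())` in the new openssl_error_string is never checked for NULL, so under allocation pressure `ERR_print_errors (bio)` and `BIO_get_mem_data (bio, &buf)` dereference a null BIO in exactly the path that is supposed to report a failure. `BIO_get_mem_data` returns a `long`, and storing it in `size_t len` turns a negative result into a huge calloc request; keep it as `long`, reject `len < 0`, and only then convert. While there, the `(char *)` cast on calloc is unnecessary in C and `char *openssl_error_string()` should be `char *openssl_error_string(void)` so call sites are argument-checked. The rewritten head of the function is below; the copy, `BIO_free` and `return ret` are unchanged.
```c
char *openssl_error_string(void) {
	BIO *bio = BIO_new(BIO_s_mem());
	if (bio == NULL) {
		return NULL;
	}
	ERR_print_errors(bio);
	char *buf = NULL;
	long len = BIO_get_mem_data(bio, &buf);
	if (len < 0) {
		BIO_free(bio);
		return NULL;
	}
	char *ret = calloc(1, 1 + (size_t)len);
	// … unchanged: memcpy into ret, BIO_free(bio), return ret …
```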
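Review bot: The new header comment `// Return character array of latest OpenSSL error` leaves out the two things a caller must know: the string is heap-allocated and owned by the caller (and may be NULL on allocation failure), and ERR_print_errors drains the OpenSSL error queue, so the result holds every queued error rather than only the latest. Suggested wording: `// Return a malloc'd string of all queued OpenSSL errors (clearing the queue), or NULL on allocation failure; caller must free() it`. The prototype `char *openssl_error_string();` declares an unspecified parameter list in C; `char *openssl_error_string(void);` lets the compiler reject stray arguments.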