static int set_key_file(glb_ctx *cc, char *key)
{
- unsigned long err = 0;
+ unsigned long ssl_err = 0;
+ int err = 0;
FILE * key_file = NULL;
if (!cc->cert_key){
/*TODO NULL NULL, callback and user data*/
cc->cert_key->key = PEM_read_PrivateKey(key_file, NULL, NULL, NULL);
if (!cc->cert_key->key) {
- err = ERR_get_error();
- set_error(cc, err, ssl_error, "error while writing key to context"
+ ssl_err = ERR_get_error();
+ set_error(cc, ssl_err, ssl_error, "error while writing key to context"
" (set_key_file)");
goto end;
}
update_error(cc, "cannot close file with key"
" (set_key_file)");
}
- return err;
+ return 1;
}
static int set_cert_file(glb_ctx *cc, char *cert)
{
- unsigned long err = 0;
+ unsigned long ssl_err = 0;
+ int err = 0;
FILE * cert_file = NULL;
if (!cc->cert_key){
/*TODO NULL NULL, callback and user data*/
cc->cert_key->cert = PEM_read_X509(cert_file, NULL, NULL, NULL);
if (!cc->cert_key->cert) {
- err = ERR_get_error();
- set_error(cc, err, ssl_error, "error while writing certificate"
+ ssl_err = ERR_get_error();
+ set_error(cc, ssl_err, ssl_error, "error while writing certificate"
" to context (set_cert_file)");
goto end;
}
update_error(cc, "cannot close file with certificate"
" (set_cert_file)");
}
- return err;
+ return 1;
}
static unsigned long resolve_error(glb_ctx *cc, unsigned long err_code,
CANL_ERROR_ORIGIN err_orig);
-static void get_error_string(glb_ctx *cc, char *code_str, int *code_len);
+static void get_error_string(glb_ctx *cc, char *code_str);
/* Save error message into err_msg
* use NULL for empty err_format */
unsigned int err_msg_len = 0;
unsigned int err_msg_sum = 0; // sum of msg and format lengths
int err_format_len = 0;
+ int separator_len = 0;
+ const char *separator = "\n";
va_list ap;
char *new_msg;
if (err_format == NULL) {
return;
}
+ separator_len = strlen(separator);
va_start(ap, err_format);
err_msg_len = strlen(cc->err_msg);
/* Add new error message to older one */
- err_msg_sum = err_format_len + err_msg_len;
- /* separator ; and ending '\0' -> 2 bytes */
- cc->err_msg = (char *) realloc (cc->err_msg, (err_msg_sum + 2)*sizeof(char));
+ err_msg_sum = err_format_len + err_msg_len + separator_len + 1;
+ cc->err_msg = (char *) realloc (cc->err_msg, (err_msg_sum)*sizeof(char));
if (cc->err_msg == NULL)
return;
- strcat (cc->err_msg, ";");
+ strcat (cc->err_msg, separator);
strcat (cc->err_msg, new_msg);
free(new_msg);
char *new_error = NULL;
char code_str[ERR_CODE_LEN];
int code_len = 0;
+ char *separ = "\n";
+ int separ_len = 0;
+ const char *msg_pref = "[CANL:MSG] ";
+ int msg_pref_len = 0;
code_str[0] = '\0';
goto end;
/* get human readable error code*/
- get_error_string(cc, code_str, &code_len);
-
- /* 1 for new line*/
- error_length = strlen(ctx->err_msg) + code_len + 1;
- new_error = (char *) malloc ((error_length + 1) * sizeof (char));
+ get_error_string(cc, code_str);
+ code_len = strlen(code_str);
+
+ separ_len = strlen(separ);
+ msg_pref_len = strlen(msg_pref);
+ error_length = msg_pref_len + strlen(ctx->err_msg) + code_len +
+ separ_len + 1;
+ new_error = (char *) malloc ((error_length) * sizeof (char));
if (!new_error) {
err = ENOMEM;
e_orig = posix_error;
goto end;
}
- strncpy(new_error, code_str, code_len);
- new_error[code_len] = '\n';
- new_error[code_len + 1] = '\0';
+ strncpy(new_error, code_str, code_len + 1);
+ strncat(new_error, separ, separ_len + 1);
+ strncat(new_error, msg_pref, msg_pref_len + 1);
strncat(new_error, ctx->err_msg, error_length + 1);
end:
}
/*TODO ! map error codes to their human readable strings */
-static void get_error_string(glb_ctx *cc, char *code_str, int *code_len)
+static void get_error_string(glb_ctx *cc, char *code_str)
{
- *code_len = 0;
- if (cc->err_orig == ssl_error)
- ERR_error_string_n(cc->err_code, code_str, ERR_CODE_LEN);
- *code_len = strlen(code_str);
+ int prefix_len = 0;
+ char *ssl_prefix = "[CANL:ERR:OPEN_SSL] ";
+ char *posix_prefix = "[CANL:ERR:POSIX] ";
+ char *posix_str = NULL;
+
+ switch (cc->err_orig) {
+ case ssl_error:
+ prefix_len = strlen(ssl_prefix);
+ strncpy(code_str, ssl_prefix, prefix_len + 1);
+ ERR_error_string_n(cc->err_code, code_str + prefix_len,
+ ERR_CODE_LEN - prefix_len);
+ break;
+ case posix_error:
+ prefix_len = strlen(posix_prefix);
+ strncpy(code_str, posix_prefix, prefix_len + 1);
+ posix_str = strerror(cc->err_code);
+ if (posix_str) {
+ strncpy(code_str + prefix_len, posix_str,
+ ERR_CODE_LEN - prefix_len);
+ code_str[ERR_CODE_LEN - 1] = '\0';
+ }
+ break;
+ default:
+ break;
+ }
}
/*if the error code is known to colin, assign appropriate colin code
int ssl_server_init(glb_ctx *cc, io_handler *io)
{
- unsigned long err = 0;
+ int err = 0;
+ unsigned long ssl_err = 0;
CANL_ERROR_ORIGIN e_orig = unknown_error;
if (!cc) {
//err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL");
if (!err) {
- err = ERR_get_error();
- set_error(cc, err, e_orig, "no cipher to use"
+ ssl_err = ERR_get_error();
+ set_error(cc, ssl_err, e_orig, "no cipher to use"
" (ssl_server_init)");
return err;
}
if (cc->cert_key->cert) {
err = SSL_CTX_use_certificate(cc->ssl_ctx, cc->cert_key->cert);
if (err != 1) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
goto end;
}
if (cc->cert_key->key) {
err = SSL_CTX_use_PrivateKey(cc->ssl_ctx, cc->cert_key->key);
if (err != 1) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
goto end;
}
else {
set_error(cc, err, unknown_error, "server key or certificate missing"
" (ssl_server_init)");
- return -1;
+ return 1;
}
/*Make sure the key and certificate file match*/
if ( (err = SSL_CTX_check_private_key(cc->ssl_ctx)) != 1) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
- set_error(cc, err, e_orig, "Private key does not match"
+ set_error(cc, ssl_err, e_orig, "Private key does not match"
" the certificate public key (ssl_server_init)");
- return -1;
+ return 1;
}
else
err = 0;
end:
- if (err) {
- set_error(cc, err, e_orig, "cannot initialize SSL context"
+ if (ssl_err) {
+ set_error(cc, ssl_err, e_orig, "cannot initialize SSL context"
" (ssl_server_init)");
- return -1;
+ return 1;
+ }
+ else if (err) {
+ set_error(cc, ssl_err, e_orig, "cannot initialize SSL context"
+ " (ssl_server_init)");
+ return 1;
}
return 0;
}
int ssl_client_init(glb_ctx *cc, io_handler *io)
{
- unsigned long err = 0;
+ unsigned long ssl_err = 0;
+ int err = 0;
CANL_ERROR_ORIGIN e_orig = unknown_error;
if (!cc) {
cc->ssl_ctx = SSL_CTX_new(SSL_CLIENT_METH);
if (!cc->ssl_ctx){
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
goto end;
}
//err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2");
err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL");
if (!err) {
- err = ERR_get_error();
- set_error(cc, err, e_orig, "no cipher to use"
+ ssl_err = ERR_get_error();
+ set_error(cc, ssl_err, e_orig, "no cipher to use"
" (ssl_server_init)");
return err;
}
if (cc->cert_key->key) {
err = SSL_CTX_use_PrivateKey(cc->ssl_ctx, cc->cert_key->key);
if (err != 1) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
goto end;
}
else if (cc->cert_key->cert) {
err = SSL_CTX_use_certificate(cc->ssl_ctx, cc->cert_key->cert);
if (err != 1) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
goto end;
}
}
end:
- if (err) {
+ if (ssl_err) {
+ set_error(cc, ssl_err, e_orig, "cannot initialize SSL context"
+ " (ssl_client_init)");
+ return 1;
+ }
+ else if (err) {
set_error(cc, err, e_orig, "cannot initialize SSL context"
" (ssl_client_init)");
- return -1;
+ return 1;
}
return 0;
}
{
time_t starttime, curtime;
int ret = -1, ret2 = -1;
- unsigned long err = 0;
+ unsigned long ssl_err = 0;
+ int err = 0;
CANL_ERROR_ORIGIN e_orig = unknown_error;
long errorcode = 0;
int expected = 0;
if (ret > 0) {
ret2 = SSL_connect(io->s_ctx->ssl_io);
if (ret2 < 0) {
- err = ERR_get_error();
+ ssl_err = ERR_get_error();
e_orig = ssl_error;
}
expected = errorcode = SSL_get_error(io->s_ctx->ssl_io, ret2);
set_error (cc, err, posix_error, "Connection stuck during handshake: timeout reached (do_ssl_connect)");
}
else if (ret2 < 0)
- set_error (cc, err, e_orig, "Error during SSL handshake"
+ set_error (cc, ssl_err, e_orig, "Error during SSL handshake"
" (do_ssl_connect)");
else if (ret2 == 0)
- set_error (cc, err, unknown_error, "Connection closed"
+ set_error (cc, 0, unknown_error, "Connection closed"
" by the other side (do_ssl_connect)");
else
set_error (cc, err, unknown_error, "Error during SSL handshake"
" (do_ssl_connect)");
- return -1;
+ return 1;
}
return 0;
}
{
time_t starttime, curtime;
int ret = -1, ret2 = -1;
- unsigned long err = 0;
+ unsigned long ssl_err = 0;
+ int err = 0;
CANL_ERROR_ORIGIN e_orig = unknown_error;
long errorcode = 0;
int expected = 0;
if (ret > 0) {
ret2 = SSL_accept(io->s_ctx->ssl_io);
if (ret2 < 0) {
- err = ERR_peek_error();
+ ssl_err = ERR_peek_error();
e_orig = ssl_error;
}
expected = errorcode = SSL_get_error(io->s_ctx->ssl_io, ret2);
" during handshake: timeout reached (do_ssl_accept)");
}
else if (ret2 < 0)
- set_error (cc, err, e_orig, "Error during SSL handshake"
+ set_error (cc, ssl_err, e_orig, "Error during SSL handshake"
" (do_ssl_accept)");
else if (ret2 == 0)
- set_error (cc, err, unknown_error, "connection closed by"
+ set_error (cc, 0, unknown_error, "connection closed by"
" the other side (do_ssl_accept)");
else
- set_error (cc, err, unknown_error, "Error during SSL handshake"
+ set_error (cc, 0, unknown_error, "Error during SSL handshake"
" (do_ssl_accept)");
- return -1;
+ return 1;
}
return 0;
}
git://scientific.zcu.cz / jra1mw.git / commitdiff