From: Marcel Poul Date: Sun, 4 Dec 2011 20:47:58 +0000 (+0000) Subject: unsigned long ssl_ret only for ERR_get_error; human readable error codes better forma... X-Git-Tag: merge_30_head_take2_after~42 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=9ec0a07fca89858d4b182a6ab7bd29a14d7906c6;p=jra1mw.git unsigned long ssl_ret only for ERR_get_error; human readable error codes better formatted (prefixes added) --- diff --git a/emi.canl.canl-c/src/canl_cert.c b/emi.canl.canl-c/src/canl_cert.c index 6996144..0fe0301 100644 --- a/emi.canl.canl-c/src/canl_cert.c +++ b/emi.canl.canl-c/src/canl_cert.c @@ -75,7 +75,8 @@ int do_set_ctx_own_cert_file(glb_ctx *cc, char *cert, char *key) static int set_key_file(glb_ctx *cc, char *key) { - unsigned long err = 0; + unsigned long ssl_err = 0; + int err = 0; FILE * key_file = NULL; if (!cc->cert_key){ @@ -105,8 +106,8 @@ static int set_key_file(glb_ctx *cc, char *key) /*TODO NULL NULL, callback and user data*/ cc->cert_key->key = PEM_read_PrivateKey(key_file, NULL, NULL, NULL); if (!cc->cert_key->key) { - err = ERR_get_error(); - set_error(cc, err, ssl_error, "error while writing key to context" + ssl_err = ERR_get_error(); + set_error(cc, ssl_err, ssl_error, "error while writing key to context" " (set_key_file)"); goto end; } @@ -124,12 +125,13 @@ end: update_error(cc, "cannot close file with key" " (set_key_file)"); } - return err; + return 1; } static int set_cert_file(glb_ctx *cc, char *cert) { - unsigned long err = 0; + unsigned long ssl_err = 0; + int err = 0; FILE * cert_file = NULL; if (!cc->cert_key){ @@ -158,8 +160,8 @@ static int set_cert_file(glb_ctx *cc, char *cert) /*TODO NULL NULL, callback and user data*/ cc->cert_key->cert = PEM_read_X509(cert_file, NULL, NULL, NULL); if (!cc->cert_key->cert) { - err = ERR_get_error(); - set_error(cc, err, ssl_error, "error while writing certificate" + ssl_err = ERR_get_error(); + set_error(cc, ssl_err, ssl_error, "error while writing certificate" " to context (set_cert_file)"); goto end; } @@ -178,5 +180,5 @@ end: update_error(cc, "cannot close file with certificate" " (set_cert_file)"); } - return err; + return 1; } diff --git a/emi.canl.canl-c/src/canl_err.c b/emi.canl.canl-c/src/canl_err.c index 8006e21..87b4b7e 100644 --- a/emi.canl.canl-c/src/canl_err.c +++ b/emi.canl.canl-c/src/canl_err.c @@ -9,7 +9,7 @@ static unsigned long resolve_error(glb_ctx *cc, unsigned long err_code, CANL_ERROR_ORIGIN err_orig); -static void get_error_string(glb_ctx *cc, char *code_str, int *code_len); +static void get_error_string(glb_ctx *cc, char *code_str); /* Save error message into err_msg * use NULL for empty err_format */ @@ -18,6 +18,8 @@ void update_error (glb_ctx *cc, const char *err_format, ...) unsigned int err_msg_len = 0; unsigned int err_msg_sum = 0; // sum of msg and format lengths int err_format_len = 0; + int separator_len = 0; + const char *separator = "\n"; va_list ap; char *new_msg; @@ -27,6 +29,7 @@ void update_error (glb_ctx *cc, const char *err_format, ...) if (err_format == NULL) { return; } + separator_len = strlen(separator); va_start(ap, err_format); @@ -40,13 +43,12 @@ void update_error (glb_ctx *cc, const char *err_format, ...) err_msg_len = strlen(cc->err_msg); /* Add new error message to older one */ - err_msg_sum = err_format_len + err_msg_len; - /* separator ; and ending '\0' -> 2 bytes */ - cc->err_msg = (char *) realloc (cc->err_msg, (err_msg_sum + 2)*sizeof(char)); + err_msg_sum = err_format_len + err_msg_len + separator_len + 1; + cc->err_msg = (char *) realloc (cc->err_msg, (err_msg_sum)*sizeof(char)); if (cc->err_msg == NULL) return; - strcat (cc->err_msg, ";"); + strcat (cc->err_msg, separator); strcat (cc->err_msg, new_msg); free(new_msg); @@ -97,6 +99,10 @@ int canl_get_error(canl_ctx cc, char **reason) char *new_error = NULL; char code_str[ERR_CODE_LEN]; int code_len = 0; + char *separ = "\n"; + int separ_len = 0; + const char *msg_pref = "[CANL:MSG] "; + int msg_pref_len = 0; code_str[0] = '\0'; @@ -112,20 +118,23 @@ int canl_get_error(canl_ctx cc, char **reason) goto end; /* get human readable error code*/ - get_error_string(cc, code_str, &code_len); - - /* 1 for new line*/ - error_length = strlen(ctx->err_msg) + code_len + 1; - new_error = (char *) malloc ((error_length + 1) * sizeof (char)); + get_error_string(cc, code_str); + code_len = strlen(code_str); + + separ_len = strlen(separ); + msg_pref_len = strlen(msg_pref); + error_length = msg_pref_len + strlen(ctx->err_msg) + code_len + + separ_len + 1; + new_error = (char *) malloc ((error_length) * sizeof (char)); if (!new_error) { err = ENOMEM; e_orig = posix_error; goto end; } - strncpy(new_error, code_str, code_len); - new_error[code_len] = '\n'; - new_error[code_len + 1] = '\0'; + strncpy(new_error, code_str, code_len + 1); + strncat(new_error, separ, separ_len + 1); + strncat(new_error, msg_pref, msg_pref_len + 1); strncat(new_error, ctx->err_msg, error_length + 1); end: @@ -136,12 +145,33 @@ end: } /*TODO ! map error codes to their human readable strings */ -static void get_error_string(glb_ctx *cc, char *code_str, int *code_len) +static void get_error_string(glb_ctx *cc, char *code_str) { - *code_len = 0; - if (cc->err_orig == ssl_error) - ERR_error_string_n(cc->err_code, code_str, ERR_CODE_LEN); - *code_len = strlen(code_str); + int prefix_len = 0; + char *ssl_prefix = "[CANL:ERR:OPEN_SSL] "; + char *posix_prefix = "[CANL:ERR:POSIX] "; + char *posix_str = NULL; + + switch (cc->err_orig) { + case ssl_error: + prefix_len = strlen(ssl_prefix); + strncpy(code_str, ssl_prefix, prefix_len + 1); + ERR_error_string_n(cc->err_code, code_str + prefix_len, + ERR_CODE_LEN - prefix_len); + break; + case posix_error: + prefix_len = strlen(posix_prefix); + strncpy(code_str, posix_prefix, prefix_len + 1); + posix_str = strerror(cc->err_code); + if (posix_str) { + strncpy(code_str + prefix_len, posix_str, + ERR_CODE_LEN - prefix_len); + code_str[ERR_CODE_LEN - 1] = '\0'; + } + break; + default: + break; + } } /*if the error code is known to colin, assign appropriate colin code diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c index 421982f..78f8cd0 100644 --- a/emi.canl.canl-c/src/canl_ssl.c +++ b/emi.canl.canl-c/src/canl_ssl.c @@ -10,7 +10,8 @@ static void dbg_print_ssl_error(int errorcode); int ssl_server_init(glb_ctx *cc, io_handler *io) { - unsigned long err = 0; + int err = 0; + unsigned long ssl_err = 0; CANL_ERROR_ORIGIN e_orig = unknown_error; if (!cc) { @@ -41,8 +42,8 @@ int ssl_server_init(glb_ctx *cc, io_handler *io) //err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2"); err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL"); if (!err) { - err = ERR_get_error(); - set_error(cc, err, e_orig, "no cipher to use" + ssl_err = ERR_get_error(); + set_error(cc, ssl_err, e_orig, "no cipher to use" " (ssl_server_init)"); return err; } @@ -58,7 +59,7 @@ int ssl_server_init(glb_ctx *cc, io_handler *io) if (cc->cert_key->cert) { err = SSL_CTX_use_certificate(cc->ssl_ctx, cc->cert_key->cert); if (err != 1) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; goto end; } @@ -68,7 +69,7 @@ int ssl_server_init(glb_ctx *cc, io_handler *io) if (cc->cert_key->key) { err = SSL_CTX_use_PrivateKey(cc->ssl_ctx, cc->cert_key->key); if (err != 1) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; goto end; } @@ -79,31 +80,37 @@ int ssl_server_init(glb_ctx *cc, io_handler *io) else { set_error(cc, err, unknown_error, "server key or certificate missing" " (ssl_server_init)"); - return -1; + return 1; } /*Make sure the key and certificate file match*/ if ( (err = SSL_CTX_check_private_key(cc->ssl_ctx)) != 1) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; - set_error(cc, err, e_orig, "Private key does not match" + set_error(cc, ssl_err, e_orig, "Private key does not match" " the certificate public key (ssl_server_init)"); - return -1; + return 1; } else err = 0; end: - if (err) { - set_error(cc, err, e_orig, "cannot initialize SSL context" + if (ssl_err) { + set_error(cc, ssl_err, e_orig, "cannot initialize SSL context" " (ssl_server_init)"); - return -1; + return 1; + } + else if (err) { + set_error(cc, ssl_err, e_orig, "cannot initialize SSL context" + " (ssl_server_init)"); + return 1; } return 0; } int ssl_client_init(glb_ctx *cc, io_handler *io) { - unsigned long err = 0; + unsigned long ssl_err = 0; + int err = 0; CANL_ERROR_ORIGIN e_orig = unknown_error; if (!cc) { @@ -123,7 +130,7 @@ int ssl_client_init(glb_ctx *cc, io_handler *io) cc->ssl_ctx = SSL_CTX_new(SSL_CLIENT_METH); if (!cc->ssl_ctx){ - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; goto end; } @@ -134,8 +141,8 @@ int ssl_client_init(glb_ctx *cc, io_handler *io) //err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL:!LOW:!EXP:!MD5:!MD2"); err = SSL_CTX_set_cipher_list(cc->ssl_ctx, "ALL"); if (!err) { - err = ERR_get_error(); - set_error(cc, err, e_orig, "no cipher to use" + ssl_err = ERR_get_error(); + set_error(cc, ssl_err, e_orig, "no cipher to use" " (ssl_server_init)"); return err; } @@ -154,7 +161,7 @@ int ssl_client_init(glb_ctx *cc, io_handler *io) if (cc->cert_key->key) { err = SSL_CTX_use_PrivateKey(cc->ssl_ctx, cc->cert_key->key); if (err != 1) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; goto end; } @@ -162,7 +169,7 @@ int ssl_client_init(glb_ctx *cc, io_handler *io) else if (cc->cert_key->cert) { err = SSL_CTX_use_certificate(cc->ssl_ctx, cc->cert_key->cert); if (err != 1) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; goto end; } @@ -170,10 +177,15 @@ int ssl_client_init(glb_ctx *cc, io_handler *io) } end: - if (err) { + if (ssl_err) { + set_error(cc, ssl_err, e_orig, "cannot initialize SSL context" + " (ssl_client_init)"); + return 1; + } + else if (err) { set_error(cc, err, e_orig, "cannot initialize SSL context" " (ssl_client_init)"); - return -1; + return 1; } return 0; } @@ -323,7 +335,8 @@ static int do_ssl_connect( glb_ctx *cc, io_handler *io, struct timeval *timeout) { time_t starttime, curtime; int ret = -1, ret2 = -1; - unsigned long err = 0; + unsigned long ssl_err = 0; + int err = 0; CANL_ERROR_ORIGIN e_orig = unknown_error; long errorcode = 0; int expected = 0; @@ -342,7 +355,7 @@ static int do_ssl_connect( glb_ctx *cc, io_handler *io, struct timeval *timeout) if (ret > 0) { ret2 = SSL_connect(io->s_ctx->ssl_io); if (ret2 < 0) { - err = ERR_get_error(); + ssl_err = ERR_get_error(); e_orig = ssl_error; } expected = errorcode = SSL_get_error(io->s_ctx->ssl_io, ret2); @@ -359,15 +372,15 @@ static int do_ssl_connect( glb_ctx *cc, io_handler *io, struct timeval *timeout) set_error (cc, err, posix_error, "Connection stuck during handshake: timeout reached (do_ssl_connect)"); } else if (ret2 < 0) - set_error (cc, err, e_orig, "Error during SSL handshake" + set_error (cc, ssl_err, e_orig, "Error during SSL handshake" " (do_ssl_connect)"); else if (ret2 == 0) - set_error (cc, err, unknown_error, "Connection closed" + set_error (cc, 0, unknown_error, "Connection closed" " by the other side (do_ssl_connect)"); else set_error (cc, err, unknown_error, "Error during SSL handshake" " (do_ssl_connect)"); - return -1; + return 1; } return 0; } @@ -376,7 +389,8 @@ static int do_ssl_accept( glb_ctx *cc, io_handler *io, struct timeval *timeout) { time_t starttime, curtime; int ret = -1, ret2 = -1; - unsigned long err = 0; + unsigned long ssl_err = 0; + int err = 0; CANL_ERROR_ORIGIN e_orig = unknown_error; long errorcode = 0; int expected = 0; @@ -395,7 +409,7 @@ static int do_ssl_accept( glb_ctx *cc, io_handler *io, struct timeval *timeout) if (ret > 0) { ret2 = SSL_accept(io->s_ctx->ssl_io); if (ret2 < 0) { - err = ERR_peek_error(); + ssl_err = ERR_peek_error(); e_orig = ssl_error; } expected = errorcode = SSL_get_error(io->s_ctx->ssl_io, ret2); @@ -418,15 +432,15 @@ static int do_ssl_accept( glb_ctx *cc, io_handler *io, struct timeval *timeout) " during handshake: timeout reached (do_ssl_accept)"); } else if (ret2 < 0) - set_error (cc, err, e_orig, "Error during SSL handshake" + set_error (cc, ssl_err, e_orig, "Error during SSL handshake" " (do_ssl_accept)"); else if (ret2 == 0) - set_error (cc, err, unknown_error, "connection closed by" + set_error (cc, 0, unknown_error, "connection closed by" " the other side (do_ssl_accept)"); else - set_error (cc, err, unknown_error, "Error during SSL handshake" + set_error (cc, 0, unknown_error, "Error during SSL handshake" " (do_ssl_accept)"); - return -1; + return 1; } return 0; }