resolved: log error messages for openssl/gnutls context creation

In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting an error message: Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory I expect that this actually comes from dnstls_manager_init(), the openssl version. But without real logs it's hard to know for sure. Use EIO instead of ENOMEM, because the problem is unlikely to be actually related to memory. (cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890) (cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1) (cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
2025-01-21 18:03:41 +03:00 · 2024-11-03 12:58:12 +01:00 · 2024-11-03 12:58:12 +01:00 · 17a3a8e91b
commit 17a3a8e91b
parent 823181ee95
2 changed files with 9 additions and 4 deletions
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {

        r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
        if (r < 0)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to allocate SSL credentials: %s",
+                                         gnutls_strerror(r));

        r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
        if (r < 0)
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@ -397,11 +397,15 @@ int dnstls_manager_init(Manager *manager) {

        manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
        if (!manager->dnstls_data.ctx)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to create SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));

        r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
        if (r == 0)
-                return -EIO;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to set protocol version on SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));

        (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);

@ -410,7 +414,6 @@ int dnstls_manager_init(Manager *manager) {
                return log_warning_errno(SYNTHETIC_ERRNO(EIO),
                                         "Failed to load system trust store: %s",
                                         ERR_error_string(ERR_get_error(), NULL));
-
        return 0;
 }