From df70539f9fe01a16d0f561ad9c6f5d7a955039c0 Mon Sep 17 00:00:00 2001
From: Yu Watanabe
Date: Mon, 10 Feb 2020 14:50:03 +0900
Subject: [PATCH] resolve: error handling improvements
---
 src/resolve/resolved-dnstls-openssl.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index ce0a437371..8f58efacbd 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -73,7 +73,9 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
 return -ENOMEM;
 SSL_set_connect_state(s);
- SSL_set_session(s, server->dnstls_data.session);
+ r = SSL_set_session(s, server->dnstls_data.session);
+ if (r == 0)
+ return -EIO;
 SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
 if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
@@ -83,7 +85,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
 SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
 v = SSL_get0_param(s);
 ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
- if (!X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)))
+ if (X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)) == 0)
 return -ECONNREFUSED;
 }
@@ -106,8 +108,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
 char errbuf[256];
 ERR_error_string_n(error, errbuf, sizeof(errbuf));
- log_debug("Failed to invoke SSL_do_handshake: %s", errbuf);
- return -ECONNREFUSED;
+ return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
+ "Failed to invoke SSL_do_handshake: %s", errbuf);
 }
 }
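Review bot: The new SSL_set_session() failure path returns a bare -EIO with no diagnostic, while the SSL_do_handshake() failure path later in this same function (third hunk) reports the OpenSSL error text through log_debug_errno(), so a failed session assignment will be indistinguishable from any other I/O error in the caller's logs. Suggest mirroring that path: declare `char errbuf[256];`, call `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` and `return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to set TLS session: %s", errbuf);`. The errno mapping is also inconsistent between hunks: this local OpenSSL API failure maps to -EIO, whereas the X509_VERIFY_PARAM_set1_ip() failure in the second hunk keeps -ECONNREFUSED, a code that normally denotes a peer-side refusal; one code for "failed to configure the SSL object" would make the callers' error reporting more accurate. dnstls_stream_connect_tls() begins before and ends after this hunk.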
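Review bot: The new log line formats `error` through ERR_error_string_n(), but `error` is declared outside this hunk; if it holds an SSL_get_error() result rather than an ERR_get_error() code, the message will not describe the actual failure, because ERR_error_string_n() expects the packed library/reason code taken from the error queue. Worth confirming which value `error` carries; if it is the SSL_get_error() category, `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` yields a meaningful string, and the SSL_ERROR_* value can be printed separately as an integer in the same message. The enclosing function starts and ends outside the hunk.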
@@ -368,20 +370,27 @@ void dnstls_server_free(DnsServer *server) {
 int dnstls_manager_init(Manager *manager) {
 int r;
+ assert(manager);
 ERR_load_crypto_strings();
 SSL_load_error_strings();
- manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
+ manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
 if (!manager->dnstls_data.ctx)
 return -ENOMEM;
- SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
- SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+ r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ if (r == 0)
+ return -EIO;
+
+ (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
 r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
- if (r < 0)
- log_warning("Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL));
+ if (r == 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EIO),
+ "Failed to load system trust store: %s",
+ ERR_error_string(ERR_get_error(), NULL));
 return 0;
 }
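Review bot: The SSL_CTX_set_default_verify_paths() failure now aborts dnstls_manager_init() with -EIO instead of only warning, so a missing or unreadable system trust store makes initialisation fail even when peer verification is never enabled (the first hunk sets SSL_VERIFY_PEER only under DNS_OVER_TLS_YES); if that hardening is intended, the commit message should say so, otherwise keeping the warning and returning 0 preserves the opportunistic mode on hosts without a CA bundle. Whether a failed init is fatal for the caller is not visible from this hunk. Separately, `ERR_error_string(ERR_get_error(), NULL)` formats into OpenSSL's internal static buffer, while the handshake path in the same file uses a caller-owned buffer; for consistency declare `char errbuf[256];`, call `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` and pass `errbuf` to log_warning_errno().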