shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-03-08 08:58:27 +03:00
Code

resolved: Fix OpenSSL error messages

Browse Source
This commit is contained in:
Benjamin Fogle 2022-11-17 09:52:50 -05:00 committed by Yu Watanabe
parent 6ad17c31fb
commit f4a49d1c58
1 changed files with 26 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
src/resolve/resolved-dnstls-openssl.c
View File

@ -14,6 +14,19 @@
#include "resolved-dnstls.h"
#include "resolved-manager.h"
static char *dnstls_error_string(int ssl_error, char *buf, size_t count) {
assert(buf || count == 0);
if (ssl_error == SSL_ERROR_SSL)
ERR_error_string_n(ERR_get_error(), buf, count);
else
snprintf(buf, count, "SSL_get_error()=%d", ssl_error);
return buf;
}
#define DNSTLS_ERROR_BUFSIZE 256
#define DNSTLS_ERROR_STRING(error) \
dnstls_error_string((error), (char[DNSTLS_ERROR_BUFSIZE]){}, DNSTLS_ERROR_BUFSIZE)
static int dnstls_flush_write_buffer(DnsStream *stream) {
ssize_t ss;
@ -97,26 +110,18 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
if (server->server_name) {
r = SSL_set_tlsext_host_name(s, server->server_name);
if (r <= 0) {
char errbuf[256];
error = ERR_get_error();
ERR_error_string_n(error, errbuf, sizeof(errbuf));
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set server name: %s", errbuf);
}
if (r <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to set server name: %s", DNSTLS_ERROR_STRING(SSL_ERROR_SSL));
}
ERR_clear_error();
stream->dnstls_data.handshake = SSL_do_handshake(s);
if (stream->dnstls_data.handshake <= 0) {
error = SSL_get_error(s, stream->dnstls_data.handshake);
if (!IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
if (!IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE))
return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
"Failed to invoke SSL_do_handshake: %s", errbuf);
}
"Failed to invoke SSL_do_handshake: %s", DNSTLS_ERROR_STRING(error));
}
stream->encrypted = true;
@ -177,12 +182,8 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) {
} else if (error == SSL_ERROR_SYSCALL) {
if (errno > 0)
log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m");
} else {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf);
}
} else
log_debug("Failed to invoke SSL_shutdown, ignoring: %s", DNSTLS_ERROR_STRING(error));
}
stream->dnstls_events = 0;
@ -206,14 +207,10 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) {
return r;
return -EAGAIN;
} else {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
} else
return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
"Failed to invoke SSL_do_handshake: %s",
errbuf);
}
DNSTLS_ERROR_STRING(error));
}
stream->dnstls_events = 0;
@ -275,12 +272,8 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) {
} else if (ssl_error == SSL_ERROR_SYSCALL) {
if (errno > 0)
log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m");
} else {
char errbuf[256];
ERR_error_string_n(ssl_error, errbuf, sizeof(errbuf));
log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf);
}
} else
log_debug("Failed to invoke SSL_shutdown, ignoring: %s", DNSTLS_ERROR_STRING(ssl_error));
}
stream->dnstls_events = 0;
@ -307,10 +300,7 @@ static ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t co
stream->dnstls_events = 0;
ss = 0;
} else {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
log_debug("Failed to invoke SSL_write: %s", errbuf);
log_debug("Failed to invoke SSL_write: %s", DNSTLS_ERROR_STRING(error));
stream->dnstls_events = 0;
ss = -EPIPE;
}
@ -375,10 +365,7 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) {
stream->dnstls_events = 0;
ss = 0;
} else {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
log_debug("Failed to invoke SSL_read: %s", errbuf);
log_debug("Failed to invoke SSL_read: %s", DNSTLS_ERROR_STRING(error));
stream->dnstls_events = 0;
ss = -EPIPE;
}