mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

client: tls: simplify validation fail reporting at CCE

We have access to a simplified report of the problem name for tls
validation inside the validation cb, let's bring it out and
use it for OpenSSL CCE reporting.
Andy Green 2021-04-15 09:30:43 +01:00
parent 5e7617ae9e
commit 935894f1f7
2 changed files with 8 additions and 2 deletions


@ -122,6 +122,9 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
int depth = X509_STORE_CTX_get_error_depth(x509_ctx);
const char *msg = X509_verify_cert_error_string(err);
lws_strncpy(wsi->tls.err_helper, msg,
sizeof(wsi->tls.err_helper));
lwsl_err("SSL error: %s (preverify_ok=%d;err=%d;"
"depth=%d)\n", msg, preverify_ok, err, depth);
@ -439,6 +442,7 @@ lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t elen)
#endif
errno = 0;
ERR_clear_error();
wsi->tls.err_helper[0] = '\0';
n = SSL_connect(wsi->tls.ssl);
en = errno;
@ -457,8 +461,9 @@ lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t elen)
}
if (m == SSL_ERROR_SSL) {
n = lws_snprintf(errbuf, elen, "connect SSL err %d: ", m);
ERR_error_string_n((unsigned int)m, errbuf + n, (elen - (unsigned int)n));
n = lws_snprintf(errbuf, elen, "tls: %s", wsi->tls.err_helper);
if (!wsi->tls.err_helper[0])
ERR_error_string_n((unsigned int)m, errbuf + n, (elen - (unsigned int)n));
return LWS_SSL_CAPABLE_ERROR;
}
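Review bot: In the last hunk of lws_tls_client_connect the fallback still hands `m` to `ERR_error_string_n`, but the guard just above it is `m == SSL_ERROR_SSL`, which is an SSL_get_error() result class rather than a packed error-queue code. When `err_helper` is empty the CCE text therefore becomes "tls: " followed by a generic string that does not name the actual failure. Taking the code from the queue would make the non-validation case as readable as the validation one: `ERR_error_string_n(ERR_get_error(), errbuf + n, elen - (unsigned int)n);`. The `lws_strncpy` in the verify callback also deserves a comment such as `/* cb may run several times per handshake; keeps only the latest failure text */`, since OpenSSL can invoke it once per reported chain error. Both functions begin and end outside the hunks shown, so how `m` is obtained is inferred from the comparison alone.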


@ -78,6 +78,7 @@ struct lws_lws_tls {
lws_tls_conn *ssl;
lws_tls_bio *client_bio;
struct lws_dll2 dll_pending_tls;
char err_helper[32];
unsigned int use_ssl;
unsigned int redirect_to_https:1;
};
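Review bot: `char err_helper[32]` is shorter than several of the strings X509_verify_cert_error_string() can return, for example "unable to get local issuer certificate". The copy in the verify callback is bounded by `sizeof(wsi->tls.err_helper)`, so those messages will reach the CCE report cut off mid-word. Operators reading that report to tell one validation failure from another would be better served by a larger buffer, e.g. `char err_helper[64];`. Alternatively store the integer verify error and format it at report time. Either way the field should carry a comment stating what it holds and when it is reset, such as `/* text of last X509 verify failure, cleared before each SSL_connect() */`.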