mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
openssl: rename internal api for describe error stack and make it destructive again
parent
89fd3d822e
commit
f60db2fff9
12 changed files with 35 additions and 33 deletions
|
@ -179,7 +179,7 @@ lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, int ebuf_len)
|
|||
"server's cert didn't look good, X509_V_ERR = %d: %s\n",
|
||||
n, ERR_error_string(n, sb));
|
||||
lwsl_info("%s\n", ebuf);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
@ -278,7 +278,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
if (n < 1) {
|
||||
lwsl_err("problem %d getting cert '%s'\n", n,
|
||||
cert_filepath);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -293,7 +293,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
if (n < 1) {
|
||||
lwsl_err("%s: problem interpreting client cert\n",
|
||||
__func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
lwsl_notice("%s: using mem client cert %d\n",
|
||||
|
|
|
@ -265,7 +265,7 @@ lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
if (wsi->tls.ssl == NULL) {
|
||||
lwsl_err("SSL_new failed: errno %d\n", errno);
|
||||
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
#include "tls/mbedtls/private.h"
|
||||
|
||||
void
|
||||
lws_tls_err_describe(void)
|
||||
lws_tls_err_describe_clear(void)
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -220,7 +220,7 @@ lws_genaes_create(struct lws_genaes_ctx *ctx, enum enum_aes_operation op,
|
|||
if (!n) {
|
||||
lwsl_err("%s: cipher init failed (cipher %p)\n", __func__,
|
||||
ctx->cipher);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
goto bail;
|
||||
}
|
||||
|
||||
|
@ -254,7 +254,7 @@ lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
|
|||
EVP_CTRL_GCM_GET_TAG,
|
||||
ctx->taglen, tag) != 1) {
|
||||
lwsl_err("get tag ctrl failed\n");
|
||||
//lws_tls_err_describe();
|
||||
//lws_tls_err_describe_clear();
|
||||
n = 1;
|
||||
}
|
||||
}
|
||||
|
@ -262,7 +262,7 @@ lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen)
|
|||
case LWS_GAESO_DEC:
|
||||
if (EVP_DecryptFinal_ex(ctx->ctx, buf, &outl) != 1) {
|
||||
lwsl_err("%s: dec final failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
n = -1;
|
||||
}
|
||||
|
||||
|
@ -346,7 +346,7 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx,
|
|||
}
|
||||
if (n != 1) {
|
||||
lwsl_err("%s: set AAD failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
lwsl_hexdump_err(in, len);
|
||||
return -1;
|
||||
}
|
||||
|
@ -369,7 +369,7 @@ lws_genaes_crypt(struct lws_genaes_ctx *ctx,
|
|||
|
||||
if (!n) {
|
||||
lwsl_notice("%s: update failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -126,7 +126,7 @@ lws_genec_eckey_import(int nid, EVP_PKEY *pkey, struct lws_gencrypto_keyelem *el
|
|||
if (n != 1) {
|
||||
lwsl_err("%s: EC_KEY_set_public_key_affine_coordinates fail:\n",
|
||||
__func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
goto bail;
|
||||
}
|
||||
|
||||
|
@ -609,7 +609,7 @@ lws_genecdsa_hash_sig_verify_jws(struct lws_genec_ctx *ctx, const uint8_t *in,
|
|||
EC_KEY_free(eckey);
|
||||
if (n != 1) {
|
||||
lwsl_err("%s: ECDSA_do_verify fail\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
goto bail;
|
||||
}
|
||||
|
||||
|
|
|
@ -225,7 +225,7 @@ lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
mode_map_crypt[ctx->mode]);
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: RSA_public_encrypt failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -240,7 +240,7 @@ lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
mode_map_crypt[ctx->mode]);
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: RSA_private_encrypt failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -269,7 +269,7 @@ lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
mode_map_crypt[ctx->mode]);
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: RSA_private_decrypt failed\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -311,7 +311,7 @@ lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|||
|
||||
if (n != 1) {
|
||||
lwsl_notice("%s: fail\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -160,7 +160,7 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
if (!wsi->tls.ssl) {
|
||||
lwsl_err("SSL_new failed: %s\n",
|
||||
ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -361,7 +361,7 @@ lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, int ebuf_len)
|
|||
"server's cert didn't look good, X509_V_ERR = %d: %s\n",
|
||||
n, ERR_error_string(n, sb));
|
||||
lwsl_info("%s\n", ebuf);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
|
||||
|
@ -585,7 +585,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
"Unable to load SSL Client certs "
|
||||
"file from %s -- client ssl isn't "
|
||||
"going to work\n", ca_filepath);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
}
|
||||
else
|
||||
lwsl_info("loaded ssl_ca_filepath\n");
|
||||
|
@ -598,7 +598,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
lwsl_err("Unable to load SSL Client certs from "
|
||||
"ssl_ca_mem -- client ssl isn't going to "
|
||||
"work\n");
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
} else {
|
||||
/* it doesn't increment x509_store ref counter */
|
||||
SSL_CTX_set_cert_store(vh->tls.ssl_client_ctx,
|
||||
|
@ -628,7 +628,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
if (n < 1) {
|
||||
lwsl_err("problem %d getting cert '%s'\n", n,
|
||||
cert_filepath);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
lwsl_notice("Loaded client cert %s\n", cert_filepath);
|
||||
|
@ -638,7 +638,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
if (n < 1) {
|
||||
lwsl_err("%s: problem interpreting client cert\n",
|
||||
__func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
@ -650,7 +650,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
private_key_filepath, SSL_FILETYPE_PEM) != 1) {
|
||||
lwsl_err("use_PrivateKey_file '%s'\n",
|
||||
private_key_filepath);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
lwsl_notice("Loaded client cert private key %s\n",
|
||||
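Review bot: In lws_ssl_client_bio_create's SSL_new failure path, the err-level line formats `lws_ssl_get_error(wsi, 0)` with `ERR_error_string()`, but elsewhere in this commit that helper's result is compared against SSL_ERROR_SYSCALL / SSL_ERROR_SSL, which is a different code space from the packed error-queue codes ERR_error_string() decodes. The string shown at err level is therefore likely misleading, and the accurate reason only appears through `lws_tls_err_describe_clear()` at info level. Printing the numeric result with `%d`, as the server-side SSL_new path in this commit does, would be consistent. Passing NULL as the buffer also makes ERR_error_string() write into a static buffer, which is not safe across threads. The remaining hunks in this file are the plain rename.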
|
|
|
@ -563,7 +563,7 @@ lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
lwsl_err("SSL_new failed: %d (errno %d)\n",
|
||||
lws_ssl_get_error(wsi, 0), errno);
|
||||
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -639,8 +639,9 @@ lws_tls_server_accept(struct lws *wsi)
|
|||
|
||||
return LWS_SSL_CAPABLE_DONE;
|
||||
}
|
||||
lws_tls_err_describe();
|
||||
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
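Review bot: In lws_tls_server_accept the order of `m = lws_ssl_get_error(wsi, n);` and `lws_tls_err_describe_clear();` is now load-bearing, but nothing at the call site says so. The helper in this commit pops entries with ERR_get_error(), and OpenSSL's SSL_get_error() consults the thread's error queue, so if lws_ssl_get_error() wraps it (its body is not shown), swapping the two lines back could change how m is classified and whether the SSL_ERROR_SYSCALL / SSL_ERROR_SSL branch returns LWS_SSL_CAPABLE_ERROR. I would add a comment above the pair, for example `/* classify with lws_ssl_get_error() first: the describe call empties the OpenSSL error queue */`. The function starts and ends outside the hunk, so its other paths are not visible here.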
|
|
|
@ -332,7 +332,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
|
|||
}
|
||||
|
||||
lwsl_debug("%s failed: %s\n",__func__, ERR_error_string(m, NULL));
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
wsi->socket_is_permanently_unusable = 1;
|
||||
|
||||
|
|
|
@ -65,15 +65,16 @@ char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) {
|
|||
}
|
||||
|
||||
void
|
||||
lws_tls_err_describe(void)
|
||||
lws_tls_err_describe_clear(void)
|
||||
{
|
||||
char buf[128];
|
||||
char buf[160];
|
||||
unsigned long l;
|
||||
|
||||
do {
|
||||
l = ERR_peek_error();
|
||||
l = ERR_get_error();
|
||||
if (!l)
|
||||
break;
|
||||
|
||||
ERR_error_string_n(l, buf, sizeof(buf));
|
||||
lwsl_info(" openssl error: %s\n", buf);
|
||||
} while (l);
|
||||
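Review bot: lws_tls_err_describe_clear() now pops every entry with `ERR_get_error()` but still reports them through `lwsl_info`, so when info-level logging is disabled the OpenSSL detail behind the err-level messages at the call sites is discarded without ever being shown. If that is not intended, logging the drained entries at the severity of the failure would keep the diagnostic for whoever has to investigate a TLS or crypto failure. The definition and its prototype also carry no comment; I would add one such as `/* logs, then empties, the calling thread's OpenSSL error queue: call SSL_get_error() before this, not after */`. The trailing `while (l)` is redundant after `if (!l) break;`, and the end of the function lies outside the hunk.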
|
|
|
@ -244,7 +244,7 @@ lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len)
|
|||
BIO_free(bio);
|
||||
if (!x509->cert) {
|
||||
lwsl_err("%s: unable to parse PEM cert\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
@ -279,7 +279,7 @@ lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted,
|
|||
ret = X509_check_issued(trusted->cert, x509->cert);
|
||||
if (ret != X509_V_OK) {
|
||||
lwsl_err("%s: unable to verify cert relationship\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
@ -500,7 +500,7 @@ lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
|
|||
lws_explicit_bzero((void *)pem, len);
|
||||
if (!pkey) {
|
||||
lwsl_err("%s: unable to parse PEM privkey\n", __func__);
|
||||
lws_tls_err_describe();
|
||||
lws_tls_err_describe_clear();
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
|
|
@ -138,7 +138,7 @@ LWS_EXTERN int openssl_websocket_private_data_index;
|
|||
|
||||
|
||||
LWS_EXTERN void
|
||||
lws_tls_err_describe(void);
|
||||
lws_tls_err_describe_clear(void);
|
||||
|
||||
LWS_EXTERN int
|
||||
lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type,
|
||||
|
|