git.ipfire.org Git - thirdparty/openvpn.git/commit
Log OpenSSL errors on failure to set certificate
author Selva Nair <selva.nair@gmail.com>
Sun, 1 Oct 2023 17:49:20 +0000 (13:49 -0400)
committer Gert Doering <gert@greenie.muc.de>
Mon, 2 Oct 2023 08:13:04 +0000 (10:13 +0200)
commit ebfa5f3811e92863a3bbcc53b7a3f1b29dff1bc1
tree 87c899121542b049326c067327ffe28bc0aa97fc
parent f04ce77e8da54b6dbf3e016506b7ffdba0713004
Log OpenSSL errors on failure to set certificate

Currently we log a bogus error message saying private key password
verification failed when SSL_CTX_use_cert_and_key() fails in
pkcs11_openssl.c. Instead print OpenSSL error queue and exit promptly.

Also log OpenSSL errors when SSL_CTX_use_certificate() fails in
cryptoapi.c and elsewhere. Such logging could be useful especially when
the certificate is rejected by OpenSSL due to stricter security
restrictions in recent versions of the library.

Change-Id: Ic7ec25ac0503a91d5869b8da966d0065f264af22
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20231001174920.54154-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27122.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2671dcb69837ae58b3303f11c1b6ba4cee8eea00)
src/openvpn/cryptoapi.c
src/openvpn/pkcs11_openssl.c
src/openvpn/ssl_openssl.c
tests/unit_tests/openvpn/test_cryptoapi.c