Show useful errors.

author Ben Laurie <ben@links.org>

Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)

committer Ben Laurie <ben@links.org>

Wed, 25 Sep 2013 11:45:48 +0000 (12:45 +0100)
author Ben Laurie <ben@links.org>
Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)
committer Ben Laurie <ben@links.org>
Wed, 25 Sep 2013 11:45:48 +0000 (12:45 +0100)
diff --git a/apps/s_server.c b/apps/s_server.c

index 9359161758c97f000f517b1afccdebba98aba0c2..c4fe72dba087cee7e9c0189c2e423d963b644bab 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1970,7 +1970,10 @@ bad:
  #ifndef OPENSSL_NO_TLSEXT
         if (s_serverinfo_file != NULL
             && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))
+               {
+               ERR_print_errors(bio_err);
                 goto end;
+               }
         if (c_auth)
                 {
                 SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
diff --git a/ssl/ssl.h b/ssl/ssl.h

index a5d6ed096c873996f9dec98157095009b976079c..a41518414a0e2f8cb4be11762e028df355143489 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2749,6 +2749,7 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_BAD_AUTHENTICATION_TYPE                   102
  #define SSL_R_BAD_CHANGE_CIPHER_SPEC                    103
  #define SSL_R_BAD_CHECKSUM                              104
+#define SSL_R_BAD_DATA                                  390
  #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK             106
  #define SSL_R_BAD_DECOMPRESSION                                 107
  #define SSL_R_BAD_DH_G_LENGTH                           108
@@ -2897,6 +2898,7 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
  #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER          330
  #define SSL_R_NO_METHOD_SPECIFIED                       188
+#define SSL_R_NO_PEM_EXTENSIONS                                 389
  #define SSL_R_NO_PRIVATEKEY                             189
  #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190
  #define SSL_R_NO_PROTOCOLS_AVAILABLE                    191
@@ -2924,6 +2926,8 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_PEER_ERROR_NO_CERTIFICATE                         202
  #define SSL_R_PEER_ERROR_NO_CIPHER                      203
  #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE   204
+#define SSL_R_PEM_NAME_BAD_PREFIX                       391
+#define SSL_R_PEM_NAME_TOO_SHORT                        392
  #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                   205
  #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                 206
  #define SSL_R_PROTOCOL_IS_SHUTDOWN                      207
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c

index d295f43b47819661eefbad0d5e5c5569a3364aaf..9889a27e1bd53a9c6a01719ac46e385575068f14 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -313,6 +313,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
  {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
  {ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},
+{ERR_REASON(SSL_R_BAD_DATA)              ,"bad data"},
  {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
  {ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},
  {ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},
@@ -461,6 +462,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
  {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
  {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
+{ERR_REASON(SSL_R_NO_PEM_EXTENSIONS)     ,"no pem extensions"},
  {ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
  {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
  {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
@@ -488,6 +490,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
  {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
  {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},
  {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
+{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX)   ,"pem name bad prefix"},
+{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT)    ,"pem name too short"},
  {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
  {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
  {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c

index 36d7a1a8199a61de02d30092df0128afa81044a9..953295518dc374b280df3cb4e26b38ec95011f27 100644 (file)
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1012,7 +1012,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                         /* There must be at least one extension in this file */
                         if (num_extensions == 0)
                                 {
-                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);
                                 goto end;
                                 }
                         else /* End of file, we're done */
@@ -1021,18 +1021,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                 /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
                 if (strlen(name) < strlen(namePrefix))
                         {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
                         goto end;
                         }
                 if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
                         {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);
                         goto end;
                         }
                 /* Check that the decoded PEM data is plausible (valid length field) */
                 if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
                         {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
                         goto end;
                         }
                 /* Append the decoded extension to the serverinfo buffer */
author	Ben Laurie <ben@links.org>
	Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)
committer	Ben Laurie <ben@links.org>
	Wed, 25 Sep 2013 11:45:48 +0000 (12:45 +0100)
apps/s_server.c		patch \| blob \| blame \| history
ssl/ssl.h		patch \| blob \| blame \| history
ssl/ssl_err.c		patch \| blob \| blame \| history
ssl/ssl_rsa.c		patch \| blob \| blame \| history