crls = sk_X509_CRL_new_null();
if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
BIO_puts(bio_err, "Error adding CRL\n");
- ERR_print_errors(bio_err);
X509_CRL_free(crl);
goto end;
}
#endif
ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth);
- if (ctx == NULL) {
- ERR_print_errors(bio_err);
+ if (ctx == NULL)
goto end;
- }
SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
ssl_config);
- ERR_print_errors(bio_err);
goto end;
}
}
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
- ERR_print_errors(bio_err);
goto end;
}
chCApath, chCAfile, chCAstore,
crls, crl_download)) {
BIO_printf(bio_err, "Error loading store locations\n");
- ERR_print_errors(bio_err);
goto end;
}
if (ReqCAfile != NULL) {
if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {
sk_X509_NAME_pop_free(nm, X509_NAME_free);
BIO_printf(bio_err, "Error loading CA names\n");
- ERR_print_errors(bio_err);
goto end;
}
SSL_CTX_set0_CA_list(ctx, nm);
if (ssl_client_engine) {
if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
BIO_puts(bio_err, "Error setting client auth engine\n");
- ERR_print_errors(bio_err);
release_engine(ssl_client_engine);
goto end;
}
if (stmp == NULL) {
BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf);
- ERR_print_errors(bio_err);
goto end;
}
psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
BIO_free(stmp);
if (psksess == NULL) {
BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf);
- ERR_print_errors(bio_err);
goto end;
}
}
/* Returns 0 on success! */
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
BIO_printf(bio_err, "Error setting SRTP profile\n");
- ERR_print_errors(bio_err);
goto end;
}
}
/* Enable SCT processing, without early connection termination */
if (ct_validation &&
!SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
- ERR_print_errors(bio_err);
goto end;
}
if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
- if (ct_validation) {
- ERR_print_errors(bio_err);
+ if (ct_validation)
goto end;
- }
/*
* If CT validation is not enabled, the log list isn't needed so don't
SSL_CTX_set_verify(ctx, verify, verify_callback);
if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath,
- CAstore, noCAstore)) {
- ERR_print_errors(bio_err);
+ CAstore, noCAstore))
goto end;
- }
ssl_ctx_add_crls(ctx, crls, crl_download);
BIO_printf(bio_err,
"%s: Error enabling DANE TLSA authentication.\n",
prog);
- ERR_print_errors(bio_err);
goto end;
}
}
BIO *stmp = BIO_new_file(sess_in, "r");
if (stmp == NULL) {
BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
- ERR_print_errors(bio_err);
goto end;
}
sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
BIO_free(stmp);
if (sess == NULL) {
BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
- ERR_print_errors(bio_err);
goto end;
}
if (!SSL_set_session(con, sess)) {
BIO_printf(bio_err, "Can't set session\n");
- ERR_print_errors(bio_err);
goto end;
}
}
if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
- ERR_print_errors(bio_err);
goto end;
}
}
if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) {
BIO_printf(bio_err, "%s: Error enabling DANE TLSA "
"authentication.\n", prog);
- ERR_print_errors(bio_err);
goto end;
}
if (dane_tlsa_rrset == NULL) {
* non-blocking mode at the SSL level
*/
if (c_nbio || isquic) {
- if (!BIO_socket_nbio(sock, 1)) {
- ERR_print_errors(bio_err);
+ if (!BIO_socket_nbio(sock, 1))
goto end;
- }
if (c_nbio) {
if (isquic && !SSL_set_blocking_mode(con, 0))
goto end;
if (sbio == NULL) {
BIO_printf(bio_err, "Unable to create BIO\n");
- ERR_print_errors(bio_err);
BIO_closesocket(sock);
goto end;
}
}
if (numeric == 691) {
BIO_printf(bio_err, "STARTTLS negotiation failed: ");
- ERR_print_errors(bio_err);
break;
}
} while (numeric != 670);
default:
BIO_printf(bio_err, "Error writing early data\n");
BIO_free(edfile);
- ERR_print_errors(bio_err);
goto shut;
}
}
case SSL_ERROR_WANT_ASYNC_JOB:
/* This shouldn't ever happen in s_client - treat as an error */
case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
goto shut;
}
}
case SSL_ERROR_WANT_ASYNC_JOB:
/* This shouldn't ever happen in s_client. Treat as an error */
case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
goto shut;
}
}
}
shut:
+ if (ret > 0)
+ ERR_print_errors(bio_err); /* show any errors accumulated so far */
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
BIO_closesocket(SSL_get_fd(con));
end:
+ if (ret > 0)
+ ERR_print_errors(bio_err); /* show any new or remaining errors */
if (con != NULL) {
if (prexit != 0)
print_stuff(bio_c_out, con, 1);
}
BIO_printf(bio_err, "ERROR\n");
- ERR_print_errors(bio_err);
-
return USER_DATA_PROCESS_SHUT;
}
projects / thirdparty / openssl.git / commitdiff
