lib-ssl-iostream: Include setting name in all key parsing errors
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Mon, 20 Apr 2020 16:27:00 +0000 (19:27 +0300)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Fri, 24 Apr 2020 08:51:38 +0000 (08:51 +0000)
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/iostream-openssl.c
src/lib-ssl-iostream/iostream-openssl.h

index 225c584cf79c63c9c640d70c394f2781c68acdf3..0ab595b3d7f8ea96381f79b038ba8bc09062c01a 100644 (file)
@@ -74,6 +74,7 @@ pem_password_callback(char *buf, int size, int rwflag ATTR_UNUSED,
 }
 
 int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
+                             const char *set_name,
                              EVP_PKEY **pkey_r, const char **error_r)
 {
        struct ssl_iostream_password_context ctx;
@@ -95,8 +96,9 @@ int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
 
        pkey = PEM_read_bio_PrivateKey(bio, NULL, pem_password_callback, &ctx);
        if (pkey == NULL && ctx.error == NULL) {
-               ctx.error = t_strdup_printf("Couldn't parse private SSL key: %s",
-                                           openssl_iostream_error());
+               ctx.error = t_strdup_printf(
+                       "Couldn't parse private SSL key (%s setting): %s",
+                       set_name, openssl_iostream_error());
        }
        BIO_free(bio);
 
@@ -143,7 +145,7 @@ ssl_iostream_ctx_use_key(struct ssl_iostream_context *ctx, const char *set_name,
        EVP_PKEY *pkey;
        int ret = 0;
 
-       if (openssl_iostream_load_key(set, &pkey, error_r) < 0)
+       if (openssl_iostream_load_key(set, set_name, &pkey, error_r) < 0)
                return -1;
        if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) == 0) {
                *error_r = t_strdup_printf(
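Review bot: In the second hunk of this file the setting name is added only on the path where ctx.error is still NULL after PEM_read_bio_PrivateKey(); when pem_password_callback has already set ctx.error (its body closes at the top of the first hunk and is otherwise outside the diff), that message is returned unchanged, so "all key parsing errors" does not yet hold for the passphrase-callback case. If the callback's message is meant to carry the name too, the cheapest place is here, e.g. `else if (pkey == NULL) ctx.error = t_strdup_printf("%s (%s setting)", ctx.error, set_name);`, assuming ctx.error is a plain string as the t_strdup_printf() assignment suggests. Note also that set_name feeds a `%s` directly, so every caller must pass a non-NULL name; ssl_iostream_ctx_use_key forwards its own set_name parameter, whose callers are outside the hunk. openssl_iostream_load_key's body continues outside the hunk.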
index ad605712a0461ca1127d73176843bd30a56eeb89..96fcba848aaa889118ed7f957ad31533d7cc3b05 100644 (file)
@@ -91,18 +91,19 @@ openssl_iostream_use_certificate(struct ssl_iostream *ssl_io, const char *cert,
 }
 
 static int
-openssl_iostream_use_key(struct ssl_iostream *ssl_io,
+openssl_iostream_use_key(struct ssl_iostream *ssl_io, const char *set_name,
                         const struct ssl_iostream_cert *set,
                         const char **error_r)
 {
        EVP_PKEY *pkey;
        int ret = 0;
 
-       if (openssl_iostream_load_key(set, &pkey, error_r) < 0)
+       if (openssl_iostream_load_key(set, set_name, &pkey, error_r) < 0)
                return -1;
        if (SSL_use_PrivateKey(ssl_io->ssl, pkey) != 1) {
-               *error_r = t_strdup_printf("Can't load SSL private key: %s",
-                                          openssl_iostream_key_load_error());
+               *error_r = t_strdup_printf(
+                       "Can't load SSL private key (%s setting): %s",
+                       set_name, openssl_iostream_key_load_error());
                ret = -1;
        }
        EVP_PKEY_free(pkey);
@@ -219,7 +220,7 @@ openssl_iostream_set(struct ssl_iostream *ssl_io,
                        return -1;
        }
        if (set->cert.key != NULL && strcmp(ctx_set->cert.key, set->cert.key) != 0) {
-               if (openssl_iostream_use_key(ssl_io, &set->cert, error_r) < 0)
+               if (openssl_iostream_use_key(ssl_io, "ssl_key", &set->cert, error_r) < 0)
                        return -1;
        }
        if (set->alt_cert.cert != NULL && strcmp(ctx_set->alt_cert.cert, set->alt_cert.cert) != 0) {
@@ -227,7 +228,7 @@ openssl_iostream_set(struct ssl_iostream *ssl_io,
                        return -1;
        }
        if (set->alt_cert.key != NULL && strcmp(ctx_set->alt_cert.key, set->alt_cert.key) != 0) {
-               if (openssl_iostream_use_key(ssl_io, &set->alt_cert, error_r) < 0)
+               if (openssl_iostream_use_key(ssl_io, "ssl_alt_key", &set->alt_cert, error_r) < 0)
                        return -1;
        }
        if (set->verify_remote_cert) {
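Review bot: The new set_name parameter of openssl_iostream_use_key is placed before `set` (`ssl_io, set_name, set, error_r`), whereas openssl_iostream_load_key, which it forwards to on the next line, takes it after `set` (`set, set_name, &pkey, error_r`); the two functions now spell the same pair of arguments in opposite orders, which is easy to transpose since both are pointers. Matching load_key's order, `openssl_iostream_use_key(struct ssl_iostream *ssl_io, const struct ssl_iostream_cert *set, const char *set_name, const char **error_r)`, with the two callers in openssl_iostream_set adjusted, would keep the module consistent. The literals "ssl_key" and "ssl_alt_key" presumably mirror the settings names; if a shared definition exists elsewhere in the tree, reusing it would avoid the two strings drifting from the parser. openssl_iostream_use_key's body continues outside the hunk.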
index 9814eb801d0129680d4e88cc6172d640df7232cf..11ed286453e7d218313d3e6239efa53e7f1494f8 100644 (file)
@@ -87,6 +87,7 @@ void openssl_iostream_context_unref(struct ssl_iostream_context *ctx);
 void openssl_iostream_global_deinit(void);
 
 int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
+                             const char *set_name,
                              EVP_PKEY **pkey_r, const char **error_r);
 bool openssl_cert_match_name(SSL *ssl, const char *verify_name,
                             const char **reason_r);
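Review bot: The header gains a new parameter on openssl_iostream_load_key without any comment saying what set_name is for or whether it may be NULL; since the implementation passes it straight to a `%s` conversion, a NULL would be undefined behaviour at the error-reporting moment, exactly when the message matters. A one-line contract above the prototype would make this explicit, e.g. `/* set_name: settings key naming the private key (e.g. "ssl_key"); used only in error messages, must not be NULL. */`, and the same wording could be reused for the static openssl_iostream_use_key in iostream-openssl.c.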