res_xmpp: Try to provide useful errors messages from OpenSSL

If any errors occur during the TLS connection setup, we currently dump a
fairly generic error message. So instead we try to pull in something
useful from OpenSSL to report instead.

ASTERISK-24712
Reported by: Matthias Urlichs

Change-Id: I288500991a9681f447d92913b11fedaf426087f4

diff --git a/res/res_xmpp.c b/res/res_xmpp.c
index 32e1dd1ffc9fa804f6c36585995350709118c9db..d7ba5552bef8319ae2bb5a05255c38e676786804 100644 (file)
--- a/res/res_xmpp.c
+++ b/res/res_xmpp.c
@@ -2631,12 +2631,31 @@ static int xmpp_client_request_tls(struct ast_xmpp_client *client, struct ast_xm
 #endif
 }
 
+#ifdef HAVE_OPENSSL
+static char *openssl_error_string(void)
+{
+       char *buf = NULL, *ret;
+       size_t len;
+       BIO *bio = BIO_new(BIO_s_mem());
+
+       ERR_print_errors(bio);
+       len = BIO_get_mem_data(bio, &buf);
+       ret = ast_calloc(1, len + 1);
+       if (ret) {
+               memcpy(ret, buf, len);
+       }
+       BIO_free(bio);
+       return ret;
+}
+#endif
+
 /*! \brief Internal function called when we receive a response to our TLS initiation request */
 static int xmpp_client_requested_tls(struct ast_xmpp_client *client, struct ast_xmpp_client_config *cfg, int type, iks *node)
 {
 #ifdef HAVE_OPENSSL
        int sock;
        long ssl_opts;
+       char *err;
 #endif
 
        if (!strcmp(iks_name(node), "success")) {
@@ -2692,7 +2711,10 @@ static int xmpp_client_requested_tls(struct ast_xmpp_client *client, struct ast_
        return 0;
 
 failure:
-       ast_log(LOG_ERROR, "TLS connection for client '%s' cannot be established. OpenSSL initialization failed.\n", client->name);
+       err = openssl_error_string();
+       ast_log(LOG_ERROR, "TLS connection for client '%s' cannot be established. "
+               "OpenSSL initialization failed: %s\n", client->name, err);
+       ast_free(err);
        return -1;
 #endif
 }