From: Remi Tricot-Le Breton Date: Fri, 11 Feb 2022 11:04:44 +0000 (+0100) Subject: MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 X-Git-Tag: v2.6-dev2~182 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1effd9aa0;p=thirdparty%2Fhaproxy.git MINOR: ssl: Remove call to ERR_func_error_string with OpenSSLv3 ERR_func_error_string does not return anything anymore with OpenSSLv3, it can be replaced by ERR_peek_error_func which did not exist on previous versions. --- diff --git a/include/haproxy/openssl-compat.h b/include/haproxy/openssl-compat.h index 10a4fa60fd..890e086c85 100644 --- a/include/haproxy/openssl-compat.h +++ b/include/haproxy/openssl-compat.h @@ -314,6 +314,22 @@ static inline X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) #if defined(SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB) #define SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_tlsext_ticket_key_cb #endif + +/* + * Functions introduced in OpenSSL 3.0.0 + */ +static inline unsigned long ERR_peek_error_func(const char **func) +{ + unsigned long ret = ERR_peek_error(); + if (ret == 0) + return ret; + + if (func) + *func = ERR_func_error_string(ret); + + return ret; +} + #endif #if (HA_OPENSSL_VERSION_NUMBER >= 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070200fL) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index a2be6721d8..f03a314e97 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -608,12 +608,15 @@ static forceinline void ssl_sock_dump_errors(struct connection *conn) if (unlikely(global.mode & MODE_DEBUG)) { while(1) { + const char *func = NULL; + ERR_peek_error_func(&func); + ret = ERR_get_error(); if (ret == 0) return; fprintf(stderr, "fd[%#x] OpenSSL error[0x%lx] %s: %s\n", conn->handle.fd, ret, - ERR_func_error_string(ret), ERR_reason_error_string(ret)); + func, ERR_reason_error_string(ret)); } } }