From: Oscar Mira <valldrac@molly.im>
Date: Sun, 6 Feb 2022 19:37:46 +0000 (+0100)
Subject: Replace OpenSSL's ERR_PACK with ERR_GET_REASON
X-Git-Tag: release-1.16.0rc1~48^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F631%2Fhead;p=thirdparty%2Funbound.git

Replace OpenSSL's ERR_PACK with ERR_GET_REASON
---

diff --git a/util/netevent.c b/util/netevent.c
index b9b7230e4..f6fb8c242 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1209,23 +1209,22 @@ squelch_err_ssl_handshake(unsigned long err)
 {
 	if(verbosity >= VERB_QUERY)
 		return 0; /* only squelch on low verbosity */
-	/* this is very specific, we could filter on ERR_GET_REASON()
-	 * (the third element in ERR_PACK) */
-	if(err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTPS_PROXY_REQUEST) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE)
+	if(ERR_GET_LIB(err) == ERR_LIB_SSL &&
+		(ERR_GET_REASON(err) == SSL_R_HTTPS_PROXY_REQUEST ||
+		 ERR_GET_REASON(err) == SSL_R_HTTP_REQUEST ||
+		 ERR_GET_REASON(err) == SSL_R_WRONG_VERSION_NUMBER ||
+		 ERR_GET_REASON(err) == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
 #ifdef SSL_F_TLS_POST_PROCESS_CLIENT_HELLO
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER)
+		 || ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER
 #endif
 #ifdef SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL)
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL)
+		 || ERR_GET_REASON(err) == SSL_R_UNKNOWN_PROTOCOL
+		 || ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL
 #  ifdef SSL_R_VERSION_TOO_LOW
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_VERSION_TOO_LOW)
+		 || ERR_GET_REASON(err) == SSL_R_VERSION_TOO_LOW
 #  endif
 #endif
-		)
+		))
 		return 1;
 	return 0;
 }