From ee95e86ae163e436384f1b782a77a7e18deba890 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 3 Nov 2024 12:58:12 +0100
Subject: [PATCH] resolved: log error messages for openssl/gnutls context
 creation

In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.

Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
---
 src/resolve/resolved-dnstls-gnutls.c  | 4 +++-
 src/resolve/resolved-dnstls-openssl.c | 9 ++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index 6ac026ee794..321595f295e 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {
 
         r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
         if (r < 0)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to allocate SSL credentials: %s",
+                                         gnutls_strerror(r));
 
         r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
         if (r < 0)
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 3112ccb677b..d814c174ea2 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -394,11 +394,15 @@ int dnstls_manager_init(Manager *manager) {
 
         manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
         if (!manager->dnstls_data.ctx)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to create SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));
 
         r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
         if (r == 0)
-                return -EIO;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to set protocol version on SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));
 
         (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
 
@@ -407,7 +411,6 @@ int dnstls_manager_init(Manager *manager) {
                 return log_warning_errno(SYNTHETIC_ERRNO(EIO),
                                          "Failed to load system trust store: %s",
                                          ERR_error_string(ERR_get_error(), NULL));
-
         return 0;
 }
 
-- 
2.47.3