exit(1);
}
+/** exit with ssl error related to a file path */
+static void ssl_path_err(const char* s, const char *path)
+{
+ unsigned long err;
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_SYS &&
+ (ERR_GET_FUNC(err) == SYS_F_FOPEN ||
+ ERR_GET_FUNC(err) == SYS_F_FREAD) ) {
+ fprintf(stderr, "error: %s\n%s: %s\n",
+ s, path, ERR_reason_error_string(err));
+ exit(1);
+ } else {
+ ssl_err(s);
+ }
+}
+
/** setup SSL context */
static SSL_CTX*
setup_ctx(struct config_file* cfg)
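Review bot: In ssl_path_err, `ERR_reason_error_string(err)` is passed straight to `%s`, but it returns NULL when no reason string is registered for the code, and printing NULL through `%s` is undefined behaviour. Take the result into a local and fall back to a fixed text, e.g. `const char* r = ERR_reason_error_string(err);` followed by `s, path, r ? r : "unknown error");` in the fprintf call. The file-error test also depends on `ERR_GET_FUNC`, which OpenSSL 3.0 removed, so this helper will probably need a version guard to keep building against newer libraries. Only the first queued error is peeked before `exit(1)`, so later entries in the error queue are never printed on this path; a one-line comment saying that is intentional would help.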
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
- if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
- !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx))
- ssl_err("Error setting up SSL_CTX client key and cert");
+ if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert))
+ ssl_path_err("Error setting up SSL_CTX client cert", c_cert);
+ if (!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM))
+ ssl_path_err("Error setting up SSL_CTX client key", c_key);
+ if (!SSL_CTX_check_private_key(ctx))
+ ssl_err("Error setting up SSL_CTX client key");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
- ssl_err("Error setting up SSL_CTX verify, server cert");
+ ssl_path_err("Error setting up SSL_CTX verify, server cert",
+ s_cert);
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
free(s_cert);