dovecot-2.2: login-common: Use openssl_iostream_*error() to avoi...

dovecot at dovecot.org dovecot at dovecot.org
Thu Dec 3 10:03:27 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/77990d0b1a42
changeset: 19446:77990d0b1a42
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Dec 03 11:58:11 2015 +0200
description:
login-common: Use openssl_iostream_*error() to avoid code duplication.

diffstat:

 src/login-common/ssl-proxy-openssl.c |  69 +++++------------------------------
 1 files changed, 11 insertions(+), 58 deletions(-)

diffs (156 lines):

diff -r 151df65d2de5 -r 77990d0b1a42 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c	Thu Dec 03 11:55:33 2015 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Thu Dec 03 11:58:11 2015 +0200
@@ -381,42 +381,6 @@
 	ssl_proxy_unref(proxy);
 }
 
-static const char *ssl_err2str(unsigned long err, const char *data, int flags)
-{
-	const char *ret;
-	char *buf;
-	size_t err_size = 256;
-
-	buf = t_malloc(err_size);
-	buf[err_size-1] = '\0';
-	ERR_error_string_n(err, buf, err_size-1);
-	ret = buf;
-
-	if ((flags & ERR_TXT_STRING) != 0)
-		ret = t_strdup_printf("%s: %s", buf, data);
-	return ret;
-}
-
-static const char *ssl_last_error(void)
-{
-	unsigned long err;
-	const char *data;
-	int flags;
-
-	err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
-	while (err != 0 && ERR_peek_error() != 0) {
-		i_error("SSL: Stacked error: %s",
-			ssl_err2str(err, data, flags));
-		err = ERR_get_error();
-	}
-	if (err == 0) {
-		if (errno != 0)
-			return strerror(errno);
-		return "Unknown error";
-	}
-	return ssl_err2str(err, data, flags);
-}
-
 static void ssl_handle_error(struct ssl_proxy *proxy, int ret,
 			     const char *func_name)
 {
@@ -438,7 +402,7 @@
 	case SSL_ERROR_SYSCALL:
 		/* eat up the error queue */
 		if (ERR_peek_error() != 0)
-			errstr = ssl_last_error();
+			errstr = openssl_iostream_error();
 		else if (ret != 0)
 			errstr = strerror(errno);
 		else {
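Review bot: The `/* eat up the error queue */` comment in the SSL_ERROR_SYSCALL case now depends on openssl_iostream_error() removing every queued entry, as the deleted ssl_last_error() did through ERR_get_error_line_data() and ERR_get_error(). The helper's body is not part of this diff, so that should be confirmed; if it only peeked, a stale entry could be reported against a later, unrelated connection handled by the same login process. The `%s failed: %s` and `unknown failure %d (%s)` messages in the next hunk have the same dependency, since they previously fell back to strerror(errno) or "Unknown error" when the queue was empty. Once confirmed, I would state the contract at the call site, e.g. `/* openssl_iostream_error() drains the OpenSSL error queue */`. The switch in ssl_handle_error() continues outside this hunk.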
@@ -460,11 +424,11 @@
 				login_binary->process_name);
 		}
 		errstr = t_strdup_printf("%s failed: %s",
-					 func_name, ssl_last_error());
+					 func_name, openssl_iostream_error());
 		break;
 	default:
 		errstr = t_strdup_printf("%s failed: unknown failure %d (%s)",
-					 func_name, err, ssl_last_error());
+					 func_name, err, openssl_iostream_error());
 		break;
 	}
 
@@ -594,12 +558,12 @@
 
 	ssl = SSL_new(ssl_ctx);
 	if (ssl == NULL) {
-		i_error("SSL_new() failed: %s", ssl_last_error());
+		i_error("SSL_new() failed: %s", openssl_iostream_error());
 		return -1;
 	}
 
 	if (SSL_set_fd(ssl, fd) != 1) {
-		i_error("SSL_set_fd() failed: %s", ssl_last_error());
+		i_error("SSL_set_fd() failed: %s", openssl_iostream_error());
 		SSL_free(ssl);
 		return -1;
 	}
@@ -991,7 +955,7 @@
 		i_fatal("BIO_new_mem_buf() failed");
 	inf = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
 	if (inf == NULL)
-		i_fatal("Couldn't parse ssl_ca: %s", ssl_last_error());
+		i_fatal("Couldn't parse ssl_ca: %s", openssl_iostream_error());
 	BIO_free(bio);
 
 	if (xnames_r != NULL) {
@@ -1123,7 +1087,7 @@
 	err = ERR_peek_error();
 	if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
 	    ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
-		return ssl_last_error();
+		return openssl_iostream_error();
 	else if (is_pem_key(cert)) {
 		return "The file contains a private key "
 			"(you've mixed ssl_cert and ssl_key settings)";
@@ -1135,17 +1099,6 @@
 	}
 }
 
-static const char *ssl_key_load_error(void)
-{
-	unsigned long err = ERR_peek_error();
-
-	if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
-	    ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
-		return "Key is for a different cert than ssl_cert";
-	else
-		return ssl_last_error();
-}
-
 static EVP_PKEY * ATTR_NULL(2)
 ssl_proxy_load_key(const char *key, const char *password)
 {
@@ -1162,7 +1115,7 @@
 				       dup_password);
 	if (pkey == NULL) {
 		i_fatal("Couldn't parse private ssl_key: %s",
-			ssl_key_load_error());
+			openssl_iostream_key_load_error());
 	}
 	BIO_free(bio);
 	return pkey;
@@ -1179,7 +1132,7 @@
 		getenv(MASTER_SSL_KEY_PASSWORD_ENV);
 	pkey = ssl_proxy_load_key(set->ssl_key, password);
 	if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1)
-		i_fatal("Can't load private ssl_key: %s", ssl_key_load_error());
+		i_fatal("Can't load private ssl_key: %s", openssl_iostream_key_load_error());
 	EVP_PKEY_free(pkey);
 }
 
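Review bot: The replaced `i_fatal()` call after SSL_CTX_use_PrivateKey() now runs past 80 columns, while the two sibling call sites changed in this commit (in ssl_proxy_load_key() and the ssl_client_key loader) put the helper call on its own continuation line. Wrapping it the same way keeps the file consistent: `i_fatal("Can't load private ssl_key: %s",` followed by `openssl_iostream_key_load_error());`. The enclosing function starts outside the hunk.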
@@ -1316,7 +1269,7 @@
 
 	if (SSL_CTX_set_cipher_list(ssl_ctx, ctx->cipher_list) != 1) {
 		i_fatal("Can't set cipher list to '%s': %s",
-			ctx->cipher_list, ssl_last_error());
+			ctx->cipher_list, openssl_iostream_error());
 	}
 	if (ctx->prefer_server_ciphers)
 		SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
@@ -1370,7 +1323,7 @@
 	pkey = ssl_proxy_load_key(set->ssl_client_key, NULL);
 	if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
 		i_fatal("Can't load private ssl_client_key: %s",
-			ssl_key_load_error());
+			openssl_iostream_key_load_error());
 	}
 	EVP_PKEY_free(pkey);
 }
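Review bot: If openssl_iostream_key_load_error() keeps the deleted helper's text for X509_R_KEY_VALUES_MISMATCH ("Key is for a different cert than ssl_cert"), this ssl_client_key call site would point the operator at the wrong setting, because a mismatch here would presumably be against the client certificate. The helper's body is not in this diff, so this is inferred from the removed ssl_key_load_error(). A short comment here would save a misdirected debugging session, e.g. `/* a key/cert mismatch here refers to ssl_client_cert, not ssl_cert */`, or the shared message could be made setting-neutral. The function begins outside the hunk.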

