dovecot-2.2: lib-ssl-iostream: Moved openssl_iostream_*error() t...

dovecot at dovecot.org dovecot at dovecot.org
Thu Dec 3 10:23:22 UTC 2015


details:   http://hg.dovecot.org/dovecot-2.2/rev/be47ca42cbc4
changeset: 19450:be47ca42cbc4
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Dec 03 12:22:24 2015 +0200
description:
lib-ssl-iostream: Moved openssl_iostream_*error() to -common.c
login-common code only links with this file, so that's required for the
previous changes to actually work.

diffstat:

 src/lib-ssl-iostream/iostream-openssl-common.c  |  75 +++++++++++++++++++++++++
 src/lib-ssl-iostream/iostream-openssl-context.c |  74 ------------------------
 2 files changed, 75 insertions(+), 74 deletions(-)

diffs (180 lines):

diff -r 302c3c7e11f8 -r be47ca42cbc4 src/lib-ssl-iostream/iostream-openssl-common.c
--- a/src/lib-ssl-iostream/iostream-openssl-common.c	Thu Dec 03 12:19:12 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-common.c	Thu Dec 03 12:22:24 2015 +0200
@@ -4,6 +4,7 @@
 #include "iostream-openssl.h"
 
 #include <openssl/x509v3.h>
+#include <openssl/err.h>
 
 enum {
 	DOVECOT_SSL_PROTO_SSLv2		= 0x01,
@@ -165,3 +166,77 @@
 	X509_free(cert);
 	return ret;
 }
+
+static const char *ssl_err2str(unsigned long err, const char *data, int flags)
+{
+	const char *ret;
+	char *buf;
+	size_t err_size = 256;
+
+	buf = t_malloc(err_size);
+	buf[err_size-1] = '\0';
+	ERR_error_string_n(err, buf, err_size-1);
+	ret = buf;
+
+	if ((flags & ERR_TXT_STRING) != 0)
+		ret = t_strdup_printf("%s: %s", buf, data);
+	return ret;
+}
+
+const char *openssl_iostream_error(void)
+{
+	unsigned long err;
+	const char *data;
+	int flags;
+
+	while ((err = ERR_get_error_line_data(NULL, NULL, &data, &flags)) != 0) {
+		if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
+			i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
+		if (ERR_peek_error() != 0)
+			break;
+		i_error("SSL: Stacked error: %s",
+			ssl_err2str(err, data, flags));
+	}
+	if (err == 0) {
+		if (errno != 0)
+			return strerror(errno);
+		return "Unknown error";
+	}
+	return ssl_err2str(err, data, flags);
+}
+
+const char *openssl_iostream_key_load_error(void)
+{
+       unsigned long err = ERR_peek_error();
+
+       if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+           ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
+               return "Key is for a different cert than ssl_cert";
+       else
+               return openssl_iostream_error();
+}
+
+static bool is_pem_key(const char *cert)
+{
+	return strstr(cert, "PRIVATE KEY---") != NULL;
+}
+
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
+{
+	unsigned long err;
+
+	err = ERR_peek_error();
+	if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
+	    ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
+		return openssl_iostream_error();
+	else if (is_pem_key(cert)) {
+		return "The file contains a private key "
+			"(you've mixed ssl_cert and ssl_key settings)";
+	} else if (set_name != NULL && strchr(cert, '\n') == NULL) {
+		return t_strdup_printf("There is no valid PEM certificate. "
+			"(You probably forgot '<' from %s=<%s)", set_name, cert);
+	} else {
+		return "There is no valid PEM certificate.";
+	}
+}
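Review bot: The break condition in `openssl_iostream_error()` appears inverted: `if (ERR_peek_error() != 0) break;` returns the oldest queued error and leaves the remaining entries on OpenSSL's error queue, while a lone or final error is only logged as "Stacked error" and the function then falls through to `strerror(errno)` or "Unknown error". Entries left on the queue can be misattributed to a later TLS operation in the same thread, and the errno fallback may report a stale, unrelated value, so handshake and certificate failures become hard to diagnose from the logs. Changing the test to `if (ERR_peek_error() == 0) break;` would log the earlier entries, return the last one and leave the queue drained. The code is moved unchanged from iostream-openssl-context.c, so the behaviour predates this commit, but the description suggests login-common now depends on it as well.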
diff -r 302c3c7e11f8 -r be47ca42cbc4 src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 12:19:12 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 12:22:24 2015 +0200
@@ -28,55 +28,6 @@
 static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
 				    const char **error_r);
 
-static const char *ssl_err2str(unsigned long err, const char *data, int flags)
-{
-	const char *ret;
-	char *buf;
-	size_t err_size = 256;
-
-	buf = t_malloc(err_size);
-	buf[err_size-1] = '\0';
-	ERR_error_string_n(err, buf, err_size-1);
-	ret = buf;
-
-	if ((flags & ERR_TXT_STRING) != 0)
-		ret = t_strdup_printf("%s: %s", buf, data);
-	return ret;
-}
-
-const char *openssl_iostream_error(void)
-{
-	unsigned long err;
-	const char *data;
-	int flags;
-
-	while ((err = ERR_get_error_line_data(NULL, NULL, &data, &flags)) != 0) {
-		if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
-			i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
-		if (ERR_peek_error() != 0)
-			break;
-		i_error("SSL: Stacked error: %s",
-			ssl_err2str(err, data, flags));
-	}
-	if (err == 0) {
-		if (errno != 0)
-			return strerror(errno);
-		return "Unknown error";
-	}
-	return ssl_err2str(err, data, flags);
-}
-
-const char *openssl_iostream_key_load_error(void)
-{
-       unsigned long err = ERR_peek_error();
-
-       if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
-           ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
-               return "Key is for a different cert than ssl_cert";
-       else
-               return openssl_iostream_error();
-}
-
 static RSA *ssl_gen_rsa_key(SSL *ssl ATTR_UNUSED,
 			    int is_export ATTR_UNUSED, int keylength)
 {
@@ -169,31 +120,6 @@
 	return ret;
 }
 
-static bool is_pem_key(const char *cert)
-{
-	return strstr(cert, "PRIVATE KEY---") != NULL;
-}
-
-const char *
-openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
-{
-	unsigned long err;
-
-	err = ERR_peek_error();
-	if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
-	    ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
-		return openssl_iostream_error();
-	else if (is_pem_key(cert)) {
-		return "The file contains a private key "
-			"(you've mixed ssl_cert and ssl_key settings)";
-	} else if (set_name != NULL && strchr(cert, '\n') == NULL) {
-		return t_strdup_printf("There is no valid PEM certificate. "
-			"(You probably forgot '<' from %s=<%s)", set_name, cert);
-	} else {
-		return "There is no valid PEM certificate.";
-	}
-}
-
 static int ssl_ctx_use_certificate_chain(SSL_CTX *ctx, const char *cert)
 {
 	/* mostly just copy&pasted from SSL_CTX_use_certificate_chain_file() */

