diff options
| author | Benjamin Fogle <benfogle@gmail.com> | 2022-11-17 15:52:50 +0100 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2022-11-22 08:04:45 +0100 |
| commit | f4a49d1c58578cb8d759dc6266a23d1acabdc38f (patch) | |
| tree | 383911edf80356f8a654d625dc2e9017b0075e3c /src/resolve | |
| parent | Merge pull request #25470 from keszybz/strv-extendf-format (diff) | |
| download | systemd-f4a49d1c58578cb8d759dc6266a23d1acabdc38f.tar.xz systemd-f4a49d1c58578cb8d759dc6266a23d1acabdc38f.zip | |
resolved: Fix OpenSSL error messages
Diffstat (limited to 'src/resolve')
| -rw-r--r-- | src/resolve/resolved-dnstls-openssl.c | 65 |
1 files changed, 26 insertions, 39 deletions
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c index 4d3a88c8da..4a0132ad3d 100644 --- a/src/resolve/resolved-dnstls-openssl.c +++ b/src/resolve/resolved-dnstls-openssl.c @@ -14,6 +14,19 @@ #include "resolved-dnstls.h" #include "resolved-manager.h" +static char *dnstls_error_string(int ssl_error, char *buf, size_t count) { + assert(buf || count == 0); + if (ssl_error == SSL_ERROR_SSL) + ERR_error_string_n(ERR_get_error(), buf, count); + else + snprintf(buf, count, "SSL_get_error()=%d", ssl_error); + return buf; +} + +#define DNSTLS_ERROR_BUFSIZE 256 +#define DNSTLS_ERROR_STRING(error) \ + dnstls_error_string((error), (char[DNSTLS_ERROR_BUFSIZE]){}, DNSTLS_ERROR_BUFSIZE) + static int dnstls_flush_write_buffer(DnsStream *stream) { ssize_t ss; @@ -97,26 +110,18 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) { if (server->server_name) { r = SSL_set_tlsext_host_name(s, server->server_name); - if (r <= 0) { - char errbuf[256]; - - error = ERR_get_error(); - ERR_error_string_n(error, errbuf, sizeof(errbuf)); - return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set server name: %s", errbuf); - } + if (r <= 0) + return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), + "Failed to set server name: %s", DNSTLS_ERROR_STRING(SSL_ERROR_SSL)); } ERR_clear_error(); stream->dnstls_data.handshake = SSL_do_handshake(s); if (stream->dnstls_data.handshake <= 0) { error = SSL_get_error(s, stream->dnstls_data.handshake); - if (!IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) { - char errbuf[256]; - - ERR_error_string_n(error, errbuf, sizeof(errbuf)); + if (!IN_SET(error, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE)) return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED), - "Failed to invoke SSL_do_handshake: %s", errbuf); - } + "Failed to invoke SSL_do_handshake: %s", DNSTLS_ERROR_STRING(error)); } stream->encrypted = true; @@ -177,12 +182,8 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) { } else if (error == SSL_ERROR_SYSCALL) { if (errno > 0) log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m"); - } else { - char errbuf[256]; - - ERR_error_string_n(error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf); - } + } else + log_debug("Failed to invoke SSL_shutdown, ignoring: %s", DNSTLS_ERROR_STRING(error)); } stream->dnstls_events = 0; @@ -206,14 +207,10 @@ int dnstls_stream_on_io(DnsStream *stream, uint32_t revents) { return r; return -EAGAIN; - } else { - char errbuf[256]; - - ERR_error_string_n(error, errbuf, sizeof(errbuf)); + } else return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED), "Failed to invoke SSL_do_handshake: %s", - errbuf); - } + DNSTLS_ERROR_STRING(error)); } stream->dnstls_events = 0; @@ -275,12 +272,8 @@ int dnstls_stream_shutdown(DnsStream *stream, int error) { } else if (ssl_error == SSL_ERROR_SYSCALL) { if (errno > 0) log_debug_errno(errno, "Failed to invoke SSL_shutdown, ignoring: %m"); - } else { - char errbuf[256]; - - ERR_error_string_n(ssl_error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_shutdown, ignoring: %s", errbuf); - } + } else + log_debug("Failed to invoke SSL_shutdown, ignoring: %s", DNSTLS_ERROR_STRING(ssl_error)); } stream->dnstls_events = 0; @@ -307,10 +300,7 @@ static ssize_t dnstls_stream_write(DnsStream *stream, const char *buf, size_t co stream->dnstls_events = 0; ss = 0; } else { - char errbuf[256]; - - ERR_error_string_n(error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_write: %s", errbuf); + log_debug("Failed to invoke SSL_write: %s", DNSTLS_ERROR_STRING(error)); stream->dnstls_events = 0; ss = -EPIPE; } @@ -375,10 +365,7 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count) { stream->dnstls_events = 0; ss = 0; } else { - char errbuf[256]; - - ERR_error_string_n(error, errbuf, sizeof(errbuf)); - log_debug("Failed to invoke SSL_read: %s", errbuf); + log_debug("Failed to invoke SSL_read: %s", DNSTLS_ERROR_STRING(error)); stream->dnstls_events = 0; ss = -EPIPE; } |