resolved: log error messages for openssl/gnutls context creation

In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting an error message: Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory I expect that this actually comes from dnstls_manager_init(), the openssl version. But without real logs it's hard to know for sure. Use EIO instead of ENOMEM, because the problem is unlikely to be actually related to memory.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2024-11-03 12:58:12 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-11-05 11:59:29 +0100
commit: ee95e86ae163e436384f1b782a77a7e18deba890 (patch)
tree: 7272667034c021285b4ada2deab64bd6fbf9e602 /src
parent: network: limit the total number of Encrypted DNS options processed (diff)
download: systemd-ee95e86ae163e436384f1b782a77a7e18deba890.tar.xz
systemd-ee95e86ae163e436384f1b782a77a7e18deba890.zip
2 files changed, 9 insertions, 4 deletions
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index 6ac026ee79..321595f295 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {
 
         r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
         if (r < 0)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to allocate SSL credentials: %s",
+                                         gnutls_strerror(r));
 
         r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
         if (r < 0)
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 3112ccb677..d814c174ea 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -394,11 +394,15 @@ int dnstls_manager_init(Manager *manager) {
 
         manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
         if (!manager->dnstls_data.ctx)
-                return -ENOMEM;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to create SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));
 
         r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
         if (r == 0)
-                return -EIO;
+                return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                         "Failed to set protocol version on SSL context: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));
 
         (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
 
@@ -407,7 +411,6 @@ int dnstls_manager_init(Manager *manager) {
                 return log_warning_errno(SYNTHETIC_ERRNO(EIO),
                                          "Failed to load system trust store: %s",
                                          ERR_error_string(ERR_get_error(), NULL));
-
         return 0;
 }
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2024-11-03 12:58:12 +0100
committer	Lennart Poettering <lennart@poettering.net>	2024-11-05 11:59:29 +0100
commit	ee95e86ae163e436384f1b782a77a7e18deba890 (patch)
tree	7272667034c021285b4ada2deab64bd6fbf9e602 /src
parent	network: limit the total number of Encrypted DNS options processed (diff)
download	systemd-ee95e86ae163e436384f1b782a77a7e18deba890.tar.xz systemd-ee95e86ae163e436384f1b782a77a7e18deba890.zip