Show useful errors.
authorBen Laurie <ben@links.org>
Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)
committerBen Laurie <ben@links.org>
Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)
apps/s_server.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_rsa.c

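--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1865,7 +1865,10 @@ bad:
                goto end;
        if (s_serverinfo_file != NULL
            && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))
+               {
+               ERR_print_errors(bio_err);
                goto end;
+               }
 #endif
 #ifndef OPENSSL_NO_TLSEXT
        if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2, NULL, build_chain))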
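Review bot: The added `ERR_print_errors(bio_err);` dumps the error queue but never says which file was rejected, and the reasons this commit raises through `SSLerr()` in ssl/ssl_rsa.c carry no file name either. Printing the path first, for example `BIO_printf(bio_err, "error loading serverinfo file %s\n", s_serverinfo_file);`, would let an operator tie a message such as "pem name too short" to the file they supplied. The enclosing function starts and ends outside the hunk.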
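--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2654,6 +2654,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_AUTHENTICATION_TYPE                   102
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC                    103
 #define SSL_R_BAD_CHECKSUM                              104
+#define SSL_R_BAD_DATA                                  390
 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK             106
 #define SSL_R_BAD_DECOMPRESSION                                 107
 #define SSL_R_BAD_DH_G_LENGTH                           108
@@ -2804,6 +2805,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER          330
 #define SSL_R_NO_METHOD_SPECIFIED                       188
+#define SSL_R_NO_PEM_EXTENSIONS                                 389
 #define SSL_R_NO_PRIVATEKEY                             189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE                    191
@@ -2831,6 +2833,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_PEER_ERROR_NO_CERTIFICATE                         202
 #define SSL_R_PEER_ERROR_NO_CIPHER                      203
 #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE   204
+#define SSL_R_PEM_NAME_BAD_PREFIX                       391
+#define SSL_R_PEM_NAME_TOO_SHORT                        392
 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                   205
 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                 206
 #define SSL_R_PROTOCOL_IS_SHUTDOWN                      207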
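--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -319,6 +319,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
 {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
 {ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},
+{ERR_REASON(SSL_R_BAD_DATA)              ,"bad data"},
 {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
 {ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},
 {ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},
@@ -469,6 +470,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
+{ERR_REASON(SSL_R_NO_PEM_EXTENSIONS)     ,"no pem extensions"},
 {ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
@@ -496,6 +498,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
 {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},
 {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
+{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX)   ,"pem name bad prefix"},
+{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT)    ,"pem name too short"},
 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
 {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},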
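--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1236,7 +1236,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                        /* There must be at least one extension in this file */
                        if (num_extensions == 0)
                                {
-                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);
                                goto end;
                                }
                        else /* End of file, we're done */
@@ -1245,18 +1245,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
                if (strlen(name) < strlen(namePrefix))
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
                        goto end;
                        }
                if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);
                        goto end;
                        }
                /* Check that the decoded PEM data is plausible (valid length field) */
                if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
                        goto end;
                        }
                /* Append the decoded extension to the serverinfo buffer */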
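Review bot: In the first hunk, the `else /* End of file, we're done */` branch beside the new `SSL_R_NO_PEM_EXTENSIONS` error appears to accept any read failure after the first block as a clean end of file. If so, a malformed later block would be dropped silently and none of the new reason codes would be reported for it. The enclosing condition is outside the hunk, so this is inferred. If that condition is the PEM read result, the branch should accept EOF only when `ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE`, then call `ERR_clear_error()`, and treat any other failure as an error.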