Show useful errors.
authorBen Laurie <ben@links.org>
Tue, 24 Sep 2013 22:13:22 +0000 (23:13 +0100)
committerBen Laurie <ben@links.org>
Wed, 25 Sep 2013 11:45:48 +0000 (12:45 +0100)
Conflicts:
apps/s_server.c

apps/s_server.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_rsa.c

index 9359161..c4fe72d 100644 (file)
@@ -1970,7 +1970,10 @@ bad:
 #ifndef OPENSSL_NO_TLSEXT
        if (s_serverinfo_file != NULL
            && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))
+               {
+               ERR_print_errors(bio_err);
                goto end;
+               }
        if (c_auth)
                {
                SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
index a5d6ed0..a415184 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2749,6 +2749,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_AUTHENTICATION_TYPE                   102
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC                    103
 #define SSL_R_BAD_CHECKSUM                              104
+#define SSL_R_BAD_DATA                                  390
 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK             106
 #define SSL_R_BAD_DECOMPRESSION                                 107
 #define SSL_R_BAD_DH_G_LENGTH                           108
@@ -2897,6 +2898,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_COMPRESSION_SPECIFIED                  187
 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER          330
 #define SSL_R_NO_METHOD_SPECIFIED                       188
+#define SSL_R_NO_PEM_EXTENSIONS                                 389
 #define SSL_R_NO_PRIVATEKEY                             189
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE                    191
@@ -2924,6 +2926,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_PEER_ERROR_NO_CERTIFICATE                         202
 #define SSL_R_PEER_ERROR_NO_CIPHER                      203
 #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE   204
+#define SSL_R_PEM_NAME_BAD_PREFIX                       391
+#define SSL_R_PEM_NAME_TOO_SHORT                        392
 #define SSL_R_PRE_MAC_LENGTH_TOO_LONG                   205
 #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS                 206
 #define SSL_R_PROTOCOL_IS_SHUTDOWN                      207
index d295f43..9889a27 100644 (file)
@@ -313,6 +313,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
 {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
 {ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},
+{ERR_REASON(SSL_R_BAD_DATA)              ,"bad data"},
 {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
 {ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},
 {ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},
@@ -461,6 +462,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},
+{ERR_REASON(SSL_R_NO_PEM_EXTENSIONS)     ,"no pem extensions"},
 {ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
@@ -488,6 +490,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
 {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},
 {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
+{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX)   ,"pem name bad prefix"},
+{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT)    ,"pem name too short"},
 {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
 {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
 {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},
index 36d7a1a..9532955 100644 (file)
@@ -1012,7 +1012,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                        /* There must be at least one extension in this file */
                        if (num_extensions == 0)
                                {
-                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                               SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);
                                goto end;
                                }
                        else /* End of file, we're done */
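Review bot: SSL_R_NO_PEM_EXTENSIONS is queued without saying which file contained no extensions, so a caller that loads more than one serverinfo file still cannot tell them apart from the error queue. `file` is in scope per the function signature, so `ERR_add_error_data(2, "file=", file);` directly after the SSLerr call would carry it; the same applies to the three SSLerr calls in the next hunk. The condition that leads into this branch lies outside the hunk, so whether a read or parse failure (rather than a clean end of file) can also land here with `num_extensions == 0` cannot be judged from these lines.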
@@ -1021,18 +1021,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
                /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
                if (strlen(name) < strlen(namePrefix))
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
                        goto end;
                        }
                if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);
                        goto end;
                        }
                /* Check that the decoded PEM data is plausible (valid length field) */
                if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
                        {
-                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
+                       SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
                        goto end;
                        }
                /* Append the decoded extension to the serverinfo buffer */
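Review bot: SSL_R_BAD_DATA reports two different failures with one generic string: a decoded block shorter than the 4-byte header, and a length field that disagrees with the decoded size. Since this check is what validates the block before it is appended to the serverinfo buffer, the error should identify the offending block, for example `ERR_add_error_data(2, "name=", name);` after the SSLerr call. The same call would make SSL_R_PEM_NAME_TOO_SHORT and SSL_R_PEM_NAME_BAD_PREFIX actionable. A one-line comment above the check stating the layout it assumes would also help, e.g. `/* 2-byte type, 2-byte big-endian length, then payload */`; that layout is inferred from the arithmetic here and should be confirmed. The function body starts and ends outside the hunk.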