authorSteffan Karger <steffan@karger.me>2014-10-25 22:35:22 +0200
committerGert Doering <gert@greenie.muc.de>2014-12-31 15:23:57 +0100
commite795d6ba57e6e79bfae941ab048e44e47179865c (patch)
tree526d3cd145b1e1fb9229b310c3e301329377c152 /src
parent01bfdf3a38059cf907bec60d6fd36a5eeef59032 (diff)
openssl: add crypto_msg(), to easily log openssl errors
This works towards removing OpenSSL-specific error printing code from error.c. The crypto_msg() functions provide convenience wrappers, specific to OpenSSL. Instead of passing the magical 'M_SSLERR' flag to msg(), a developer now just calls crypto_msg() to get OpenSSL errors dumped to log. Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1414269324-14102-5-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/9199 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src')
-rw-r--r--src/openvpn/crypto_openssl.c9
-rw-r--r--src/openvpn/crypto_openssl.h25
-rw-r--r--src/openvpn/error.h6
3 files changed, 40 insertions, 0 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index f7a491d..1bf6594 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -195,6 +195,15 @@ crypto_clear_error (void)
ERR_clear_error ();
}
+void
+crypto_print_openssl_errors(const unsigned int flags) {
+ size_t err = 0;
+
+ while ((err = ERR_get_error ()))
+ msg (flags, "OpenSSL: %s", ERR_error_string (err, NULL));
+}
+
+
/*
*
* OpenSSL memory debugging. If dmalloc debugging is enabled, tell
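Review bot: `ERR_error_string (err, NULL)` in the new loop formats into OpenSSL's shared static buffer, which the OpenSSL documentation describes as not thread-safe. A local buffer with the bounded variant avoids that: `char buf[256]; ERR_error_string_n (err, buf, sizeof (buf));` followed by `msg (flags, "OpenSSL: %s", buf);`. `err` is declared `size_t` although `ERR_get_error ()` returns `unsigned long`, so `unsigned long err;` would match the API. A short comment at the definition could say that the loop drains the whole error queue; with a fatal `flags` value it would presumably stop after the first entry, but that depends on msg(), which is outside the hunk.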
diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
index f883c2a..42c7e9a 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
@@ -70,4 +70,29 @@ typedef HMAC_CTX hmac_ctx_t;
#define DES_KEY_LENGTH 8
#define MD4_DIGEST_LENGTH 16
+/**
+ * Retrieve any occurred OpenSSL errors and print those errors.
+ *
+ * Note that this function uses the not thread-safe OpenSSL error API.
+ *
+ * @param flags Flags to indicate error type and priority.
+ */
+void crypto_print_openssl_errors(const unsigned int flags);
+
+/**
+ * Retrieve any OpenSSL errors, then print the supplied error message.
+ *
+ * This is just a convenience wrapper for often occurring situations.
+ *
+ * @param flags Flags to indicate error type and priority.
+ * @param format Format string to print.
+ * @param format args (optional) arguments for the format string.
+ */
+# define crypto_msg(flags, ...) \
+do { \
+ crypto_print_openssl_errors(nonfatal(flags)); \
+ msg((flags), __VA_ARGS__); \
+} while (false)
+
+
#endif /* CRYPTO_OPENSSL_H_ */
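Review bot: `crypto_msg` expands `flags` twice, once in `nonfatal(flags)` and once in `msg((flags), __VA_ARGS__)`, so an argument with side effects is evaluated more than once. The doc comment should say so, or the macro should capture the value first, e.g. `const unsigned int crypto_msg_flags_ = (flags);` as the first statement of the `do` block. The comment also lists `@param format` and `@param format args` although the macro has no `format` parameter; `@param ... Format string followed by its optional arguments; the format must be a string literal, never data taken from a peer or a file.` would be accurate. The macro needs `nonfatal()`, `msg()` and `false` declared before use and no include is visible in this hunk, so the header may not be self-contained.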
diff --git a/src/openvpn/error.h b/src/openvpn/error.h
index 1e1f2ac..a977f51 100644
--- a/src/openvpn/error.h
+++ b/src/openvpn/error.h
@@ -354,6 +354,12 @@ ignore_sys_error (const int err)
return false;
}
+/** Convert fatal errors to nonfatal, don't touch other errors */
+static inline const unsigned int
+nonfatal(const unsigned int err) {
+ return err & M_FATAL ? (err ^ M_FATAL) | M_NONFATAL : err;
+}
+
#include "errlevel.h"
#endif
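Review bot: The `const` in `static inline const unsigned int` qualifies a by-value return type, which has no effect and triggers `-Wignored-qualifiers` under GCC's `-Wextra`; `static inline unsigned int` is enough. The return expression relies on `&` binding tighter than `?:` and uses `^` to clear a bit. `return (err & M_FATAL) ? ((err & ~M_FATAL) | M_NONFATAL) : err;` says the same thing without needing the precedence table. `M_FATAL` and `M_NONFATAL` are defined outside the hunk, so the comment could also state the assumption that each is a single flag bit.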