dovecot-2.2: lib-ssl-iostream: Fixes to error handling.

Thu Dec 3 10:03:27 UTC 2015

details:   http://hg.dovecot.org/dovecot-2.2/rev/151df65d2de5
changeset: 19445:151df65d2de5
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Dec 03 11:55:33 2015 +0200
description:
lib-ssl-iostream: Fixes to error handling.
Copy behavior from login-common/ssl-proxy-openssl.c:
 - Handle stacked errors.
 - Improve errors with ERR_TXT_STRING flag.

diffstat:

 src/lib-ssl-iostream/iostream-openssl-context.c |  37 ++++++++++++++++++------
 1 files changed, 27 insertions(+), 10 deletions(-)

diffs (56 lines):

diff -r 2f823d983832 -r 151df65d2de5 src/lib-ssl-iostream/iostream-openssl-context.c

--- a/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 11:41:58 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c	Thu Dec 03 11:55:33 2015 +0200
@@ -28,25 +28,42 @@
 static int ssl_iostream_init_global(const struct ssl_iostream_settings *set,
 				    const char **error_r);
 
+static const char *ssl_err2str(unsigned long err, const char *data, int flags)
+{
+	const char *ret;
+	char *buf;
+	size_t err_size = 256;
+
+	buf = t_malloc(err_size);
+	buf[err_size-1] = '\0';
+	ERR_error_string_n(err, buf, err_size-1);
+	ret = buf;
+
+	if ((flags & ERR_TXT_STRING) != 0)
+		ret = t_strdup_printf("%s: %s", buf, data);
+	return ret;
+}
+
 const char *openssl_iostream_error(void)
 {
 	unsigned long err;
-	char *buf;
-	size_t err_size = 256;
+	const char *data;
+	int flags;
 
-	err = ERR_get_error();
+	while ((err = ERR_get_error_line_data(NULL, NULL, &data, &flags)) != 0) {
+		if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
+			i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
+		if (ERR_peek_error() != 0)
+			break;
+		i_error("SSL: Stacked error: %s",
+			ssl_err2str(err, data, flags));
+	}
 	if (err == 0) {
 		if (errno != 0)
 			return strerror(errno);
 		return "Unknown error";
 	}
-	if (ERR_GET_REASON(err) == ERR_R_MALLOC_FAILURE)
-		i_fatal_status(FATAL_OUTOFMEM, "OpenSSL malloc() failed");
-
-	buf = t_malloc(err_size);
-	buf[err_size-1] = '\0';
-	ERR_error_string_n(err, buf, err_size-1);
-	return buf;
+	return ssl_err2str(err, data, flags);
 }
 
 const char *openssl_iostream_key_load_error(void)
