| side by side (parent:
bb5d583
)
debug: fix openssl output
author
Jeremy Harris
<jgh146exb@wizmail.org>
Tue, 1 Jun 2021 19:51:42 +0000
(20:51 +0100)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Fri, 4 Jun 2021 18:44:52 +0000
(19:44 +0100)
src/src/tls-openssl.c
test/scripts/5600-OCSP-OpenSSL/5601
test/scripts/5600-OCSP-OpenSSL/5611
test/scripts/5740-OCSP-OpenSSL-events/5740
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index eb18d64d3ed32575d5c176ca5f15e9e735dbb37b..906c98cefa460b383b65f45ec4b4a15a487eb147 100644
(file)
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-903,10
+903,12
@@
DEBUG(D_tls)
str = where & SSL_CB_READ ? US"read" : US"write",
SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
else if (where & SSL_CB_EXIT)
str = where & SSL_CB_READ ? US"read" : US"write",
SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
else if (where & SSL_CB_EXIT)
- if (ret == 0)
- debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
- else if (ret < 0)
- debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
+ {
+ if (ret == 0)
+ debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s));
+ else if (ret < 0)
+ debug_printf("%s: error in %s\n", str, SSL_state_string_long(s));
+ }
else if (where & SSL_CB_HANDSHAKE_START)
debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
else if (where & SSL_CB_HANDSHAKE_DONE)
else if (where & SSL_CB_HANDSHAKE_START)
debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s));
else if (where & SSL_CB_HANDSHAKE_DONE)
@@
-1247,10
+1249,14
@@
int status, reason, i;
DEBUG(D_tls)
debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename);
DEBUG(D_tls)
debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename);
+if (!filename || !*filename) return;
+
+ERR_clear_error();
if (!(bio = BIO_new_file(CS filename, "rb")))
{
if (!(bio = BIO_new_file(CS filename, "rb")))
{
- DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n",
- filename);
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "Failed to open OCSP response file \"%s\": %.100s",
+ filename, ERR_reason_error_string(ERR_get_error()));
return;
}
return;
}
@@
-1261,8
+1267,8
@@
if (is_pem)
long len;
if (!PEM_read_bio(bio, &dummy, &dummy, &data, &len))
{
long len;
if (!PEM_read_bio(bio, &dummy, &dummy, &data, &len))
{
-
DEBUG(D_tls) debug_printf("Failed to read PEM file \"%s\"\n
",
-
filename
);
+
log_write(0, LOG_MAIN|LOG_PANIC, "Failed to read PEM file \"%s\": %.100s
",
+
filename, ERR_reason_error_string(ERR_get_error())
);
return;
}
freep = data;
return;
}
freep = data;
@@
-1275,7
+1281,8
@@
BIO_free(bio);
if (!resp)
{
if (!resp)
{
- DEBUG(D_tls) debug_printf("Error reading OCSP response.\n");
+ log_write(0, LOG_MAIN|LOG_PANIC, "Error reading OCSP response from \"%s\": %s",
+ filename, ERR_reason_error_string(ERR_get_error()));
return;
}
return;
}
@@
-3117,7
+3124,7
@@
if (rc <= 0)
/* Handle genuine errors */
case SSL_ERROR_SSL:
{
/* Handle genuine errors */
case SSL_ERROR_SSL:
{
- uschar * s =
US"SSL_accept"
;
+ uschar * s =
NULL
;
int r = ERR_GET_REASON(ERR_peek_error());
if ( r == SSL_R_WRONG_VERSION_NUMBER
#ifdef SSL_R_VERSION_TOO_LOW
int r = ERR_GET_REASON(ERR_peek_error());
if ( r == SSL_R_WRONG_VERSION_NUMBER
#ifdef SSL_R_VERSION_TOO_LOW
@@
-3125,7
+3132,7
@@
if (rc <= 0)
#endif
|| r == SSL_R_UNKNOWN_PROTOCOL || r == SSL_R_UNSUPPORTED_PROTOCOL)
s = string_sprintf("%s (%s)", s, SSL_get_version(ssl));
#endif
|| r == SSL_R_UNKNOWN_PROTOCOL || r == SSL_R_UNSUPPORTED_PROTOCOL)
s = string_sprintf("%s (%s)", s, SSL_get_version(ssl));
- (void) tls_error(
s, NULL, sigalrm_seen ? US"timed out" : NULL
, errstr);
+ (void) tls_error(
US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : s
, errstr);
return FAIL;
}
return FAIL;
}
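Review bot: In the SSL_ERROR_SSL case, `s` is now initialised to NULL, but the unchanged context line `s = string_sprintf("%s (%s)", s, SSL_get_version(ssl));` still formats it with `%s`, so on a protocol-version mismatch the detail handed to tls_error() is built from a null pointer instead of text. How string_sprintf renders a NULL `%s` argument is not visible on this page, but the result cannot be the intended version suffix. Since `US"SSL_accept"` is now passed directly as the first argument, the line should read `s = string_sprintf("(%s)", SSL_get_version(ssl));`. The enclosing switch and function start and end outside these hunks.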
diff --git
a/test/scripts/5600-OCSP-OpenSSL/5601
b/test/scripts/5600-OCSP-OpenSSL/5601
index ecc763510397df46ac10a4006e936648e386f449..7a870425f8f36a7068565a9c13441ee6f204152b 100644
(file)
--- a/
test/scripts/5600-OCSP-OpenSSL/5601
+++ b/
test/scripts/5600-OCSP-OpenSSL/5601
@@
-2,7
+2,7
@@
#
#
# Client works when we request but don't require OCSP stapling and none comes
#
#
# Client works when we request but don't require OCSP stapling and none comes
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim norequire@test.ex
test message.
****
exim norequire@test.ex
test message.
@@
-35,7
+35,7
@@
killdaemon
#
#
# Client fails on lack of required stapled info
#
#
# Client fails on lack of required stapled info
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim CALLER@test.ex
test message.
****
exim CALLER@test.ex
test message.
diff --git
a/test/scripts/5600-OCSP-OpenSSL/5611
b/test/scripts/5600-OCSP-OpenSSL/5611
index cb8f44fe133ff602500a230805dad09b2e1c8cac..695406491412935b3e86da50ec523c36219007b4 100644
(file)
--- a/
test/scripts/5600-OCSP-OpenSSL/5611
+++ b/
test/scripts/5600-OCSP-OpenSSL/5611
@@
-2,7
+2,7
@@
#
#
# Client works when we request but don't require OCSP stapling and none comes
#
#
# Client works when we request but don't require OCSP stapling and none comes
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim norequire@test.ex
test message.
****
exim norequire@test.ex
test message.
@@
-35,7
+35,7
@@
killdaemon
#
#
# Client fails on lack of required stapled info
#
#
# Client fails on lack of required stapled info
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim CALLER@test.ex
test message.
****
exim CALLER@test.ex
test message.
diff --git
a/test/scripts/5740-OCSP-OpenSSL-events/5740
b/test/scripts/5740-OCSP-OpenSSL-events/5740
index 414430630817bbec4403a53412610b3aa0d0d83c..fd137b012b41d4b0d684bb3e0a27470fff65e527 100644
(file)
--- a/
test/scripts/5740-OCSP-OpenSSL-events/5740
+++ b/
test/scripts/5740-OCSP-OpenSSL-events/5740
@@
-3,7
+3,7
@@
#
#
# Client works when we request but don't require OCSP stapling and none comes
#
#
# Client works when we request but don't require OCSP stapling and none comes
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim norequire_1@test.ex
test message.
****
exim norequire_1@test.ex
test message.
@@
-45,7
+45,7
@@
killdaemon
#
#
# Client fails on lack of required stapled info
#
#
# Client fails on lack of required stapled info
-exim -bd -oX PORT_D -DSERVER=server -DRETURN=
/dev/null
+exim -bd -oX PORT_D -DSERVER=server -DRETURN=
""
****
exim failrequire@test.ex
test message.
****
exim failrequire@test.ex
test message.