[Asterisk-code-review] res xmpp: Try to provide useful errors messages from OpenSSL (asterisk[master])

Anonymous Coward asteriskteam at digium.com
Fri Mar 24 09:12:57 CDT 2017 

Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/5302 )

Change subject: res_xmpp: Try to provide useful errors messages from OpenSSL
......................................................................


res_xmpp: Try to provide useful errors messages from OpenSSL

If any errors occur during the TLS connection setup, we currently dump a
fairly generic error message. So instead we try to pull in something
useful from OpenSSL to report instead.

ASTERISK-24712
Reported by: Matthias Urlichs

Change-Id: I288500991a9681f447d92913b11fedaf426087f4
---
M res/res_xmpp.c
1 file changed, 23 insertions(+), 1 deletion(-)

Approvals:
  Kevin Harwell: Looks good to me, but someone else must approve
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, approved



diff --git a/res/res_xmpp.c b/res/res_xmpp.c
index 1aa865c..4e66852 100644
--- a/res/res_xmpp.c
+++ b/res/res_xmpp.c
@@ -2629,12 +2629,31 @@
 #endif
 }
 
+#ifdef HAVE_OPENSSL
+static char *openssl_error_string(void)
+{
+	char *buf = NULL, *ret;
+	size_t len;
+	BIO *bio = BIO_new(BIO_s_mem());
+
+	ERR_print_errors(bio);
+	len = BIO_get_mem_data(bio, &buf);
+	ret = ast_calloc(1, len + 1);
+	if (ret) {
+		memcpy(ret, buf, len);
+	}
+	BIO_free(bio);
+	return ret;
+}
+#endif
+
 /*! \brief Internal function called when we receive a response to our TLS initiation request */
 static int xmpp_client_requested_tls(struct ast_xmpp_client *client, struct ast_xmpp_client_config *cfg, int type, iks *node)
 {
 #ifdef HAVE_OPENSSL
 	int sock;
 	long ssl_opts;
+	char *err;
 #endif
 
 	if (!strcmp(iks_name(node), "success")) {
@@ -2690,7 +2709,10 @@
 	return 0;
 
 failure:
-	ast_log(LOG_ERROR, "TLS connection for client '%s' cannot be established. OpenSSL initialization failed.\n", client->name);
+	err = openssl_error_string();
+	ast_log(LOG_ERROR, "TLS connection for client '%s' cannot be established. "
+		"OpenSSL initialization failed: %s\n", client->name, err);
+	ast_free(err);
 	return -1;
 #endif
 }

-- 
To view, visit https://gerrit.asterisk.org/5302
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I288500991a9681f447d92913b11fedaf426087f4
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>

More information about the asterisk-code-review mailing list