[Asterisk-code-review] tcptls.c: Log more informative OpenSSL errors (asterisk[13])
George Joseph
asteriskteam at digium.com
Fri Feb 21 09:01:09 CST 2020
George Joseph has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/13812 )
Change subject: tcptls.c: Log more informative OpenSSL errors
......................................................................
tcptls.c: Log more informative OpenSSL errors
Dump OpenSSL's error stack to the error log when things fail.
ASTERISK-28750 #close
Reported by: Martin Zeh
Change-Id: Ib63cd0df20275586e68ac4c2ddad222ed7bd9c0a
---
M main/tcptls.c
1 file changed, 26 insertions(+), 0 deletions(-)
Approvals:
Benjamin Keith Ford: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
diff --git a/main/tcptls.c b/main/tcptls.c
index c2397e7..8a2422f 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -134,6 +134,28 @@
return "Unknown";
}
+
+static void write_openssl_error_to_log(void)
+{
+ FILE *fp;
+ char *buffer;
+ size_t length;
+
+ fp = open_memstream(&buffer, &length);
+ if (!fp) {
+ return;
+ }
+
+ ERR_print_errors_fp(fp);
+ fclose(fp);
+
+ if (length) {
+ ast_log(LOG_ERROR, "%.*s\n", (int) length, buffer);
+ }
+
+ ast_free(buffer);
+}
+
#endif
void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
@@ -1010,6 +1032,7 @@
if (!client) {
/* Clients don't need a certificate, but if its setup we can use it */
ast_log(LOG_ERROR, "TLS/SSL error loading cert file. <%s>\n", cfg->certfile);
+ write_openssl_error_to_log();
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -1020,6 +1043,7 @@
if (!client) {
/* Clients don't need a private key, but if its setup we can use it */
ast_log(LOG_ERROR, "TLS/SSL error loading private key file. <%s>\n", tmpprivate);
+ write_openssl_error_to_log();
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -1031,6 +1055,7 @@
if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
if (!client) {
ast_log(LOG_ERROR, "TLS/SSL cipher error <%s>\n", cfg->cipher);
+ write_openssl_error_to_log();
cfg->enabled = 0;
SSL_CTX_free(cfg->ssl_ctx);
cfg->ssl_ctx = NULL;
@@ -1041,6 +1066,7 @@
if (!ast_strlen_zero(cfg->cafile) || !ast_strlen_zero(cfg->capath)) {
if (SSL_CTX_load_verify_locations(cfg->ssl_ctx, S_OR(cfg->cafile, NULL), S_OR(cfg->capath,NULL)) == 0) {
ast_log(LOG_ERROR, "TLS/SSL CA file(%s)/path(%s) error\n", cfg->cafile, cfg->capath);
+ write_openssl_error_to_log();
}
}
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/13812
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Change-Id: Ib63cd0df20275586e68ac4c2ddad222ed7bd9c0a
Gerrit-Change-Number: 13812
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200221/7a81b2bc/attachment.html>
More information about the asterisk-code-review
mailing list