[Pgpool-hackers] [PATCH] Add descriptive error messages for OpenSSL related failures
Tatsuo Ishii
ishii at sraoss.co.jp
Wed Feb 3 03:00:07 UTC 2010
Sean,
> All previously handled errors related to the OpenSSL engine are now
> handled with a macro and a small static function in order to both
> produce more informative errors as well as commonize some duplicate
> code in pool_ssl.c
Thanks for the patches. However, the following fragment does not apply
cleanly. Can you please regenerate the patches against CVS HEAD, or
provide them to me in a different patch style?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
-------------------------------------------------------------
***************
*** 145,171 ****
if (strlen(pool_config->ssl_ca_cert_dir))
cacert_dir = pool_config->ssl_ca_cert_dir;
- if ( (!error) && (cacert || cacert_dir) ) {
- if (! SSL_CTX_load_verify_locations(cp->ssl_ctx, cacert, cacert_dir)) {
- pool_error("pool_ssl: SSL CA load error: %ld", ERR_get_error());
- error = -1;
- } else {
- SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL);
- }
}
-
}
- if (! error) {
- cp->ssl = SSL_new(cp->ssl_ctx);
- if (! cp->ssl) {
- pool_error("pool_ssl: SSL_new failed: %ld", ERR_get_error());
- error = -1;
- }
}
- return error;
}
#else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
- -
--- 152,189 ----
if (strlen(pool_config->ssl_ca_cert_dir))
cacert_dir = pool_config->ssl_ca_cert_dir;
+ if ( cacert || cacert_dir ) {
+ error = (!SSL_CTX_load_verify_locations(cp->ssl_ctx,
+ cacert,
+ cacert_dir));
+ SSL_RETURN_ERROR_IF(error, "SSL verification setup");
+ SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL);
}
}
+ cp->ssl = SSL_new(cp->ssl_ctx);
+ SSL_RETURN_ERROR_IF( (! cp->ssl), "SSL_new");
+
+ return 0;
+ }
+
+ static void perror_ssl(const char *context) {
+ unsigned long err;
+ static const char *no_err_reason = "no SSL error reported";
+ const char *reason;
+
+ err = ERR_get_error();
+ if (! err) {
+ reason = no_err_reason;
+ } else {
+ reason = ERR_reason_error_string(err);
}
+ if (reason != NULL) {
+ pool_error("pool_ssl: %s: %s", context, reason);
+ } else {
+ pool_error("pool_ssl: %s: Unknown SSL error %lu", context, err);
+ }
}
#else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
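Review bot: perror_ssl() only pops the most recent entry from the OpenSSL error queue and nothing in this hunk clears the queue first, so an error left behind by an earlier OpenSSL call can be reported under the wrong context string ("SSL verification setup" or "SSL_new"); call ERR_clear_error() before SSL_CTX_load_verify_locations() and SSL_new(), or drain the queue with `while ((err = ERR_get_error()) != 0)` so the whole chain is logged rather than just the top entry. ERR_reason_error_string() returns NULL unless the error strings were loaded during initialisation (SSL_load_error_strings() or ERR_load_crypto_strings()); the NULL branch is handled, but if that call is not made elsewhere in pool_ssl.c every failure will come out as "Unknown SSL error %lu", which defeats the purpose of the patch, so worth confirming. The macro SSL_RETURN_ERROR_IF is used at `SSL_RETURN_ERROR_IF(error, "SSL verification setup");` above the definition of perror_ssl(); its definition is not in this fragment, but if it expands to a perror_ssl() call the function needs a prototype before the caller or the static definition moved above it, otherwise this will not compile. Finally, SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL) is still reached only inside `if ( cacert || cacert_dir )`, so with neither ssl_ca_cert nor ssl_ca_cert_dir configured the peer certificate is never verified; that is unchanged from the old code, but a short comment at that branch would make the security implication explicit for anyone reading the new, terser version.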