[Pgpool-hackers] [PATCH] Add descriptive error messages for OpenSSL related failures
Tatsuo Ishii
ishii at sraoss.co.jp
Wed Feb 3 09:44:50 UTC 2010
Here is the header of my pool_ssl.c:
* $Header: /cvsroot/pgpool/pgpool-II/pool_ssl.c,v 1.3 2010/01/31 13:28:00 t-ishii Exp $
The file size is 5879 bytes. If these are the same as yours, then the
problem must be with my patch program:-< In this case, can you send me the
patched pool_ssl.c?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
> Hi Tatsuo,
>
> AFAIK this was generated from a branch based off of latest CVS HEAD. To
> make sure it wasn't a problem with my use of git/git-cvsimport, I've
> downloaded the patch from the mailing list and verified that it applies
> in a fresh CVS checkout:
>
> rangda[/tmp] cvs -d :pserver:anonymous@cvs.pgfoundry.org:/cvsroot/pgpool co pgpool-II
> <snip>
> rangda[/tmp/pgpool-II] patch < ~/ssl.patch :)
> patching file pool_ssl.c
>
> Are you certain you don't have local changes to these files?
>
>
> Regards,
> sean
>
> On Wed, Feb 03, 2010 at 12:00:07PM +0900, Tatsuo Ishii wrote:
> > Sean,
> >
> > > All previously handled errors related to the OpenSSL engine are now
> > > handled with a macro and a small static function in order to both
> > > produce more informative errors as well as commonize some duplicate
> > > code in pool_ssl.c
> >
> > Thanks for the patches. However, the following fragment does not apply
> > cleanly. Can you please regenerate patches against CVS HEAD? Or
> > provide me in a different patch style?
> > --
> > Tatsuo Ishii
> > SRA OSS, Inc. Japan
> > English: http://www.sraoss.co.jp/index_en.php
> > Japanese: http://www.sraoss.co.jp
> >
> > -------------------------------------------------------------
> > ***************
> > *** 145,171 ****
> > if (strlen(pool_config->ssl_ca_cert_dir))
> > cacert_dir = pool_config->ssl_ca_cert_dir;
> >
> > - if ( (!error) && (cacert || cacert_dir) ) {
> > - if (! SSL_CTX_load_verify_locations(cp->ssl_ctx, cacert, cacert_dir)) {
> > - pool_error("pool_ssl: SSL CA load error: %ld", ERR_get_error());
> > - error = -1;
> > - } else {
> > - SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL);
> > - }
> > }
> > -
> > }
> >
> > - if (! error) {
> > - cp->ssl = SSL_new(cp->ssl_ctx);
> > - if (! cp->ssl) {
> > - pool_error("pool_ssl: SSL_new failed: %ld", ERR_get_error());
> > - error = -1;
> > - }
> > }
> >
> > - return error;
> > }
> >
> > #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
> > - -
> > --- 152,189 ----
> > if (strlen(pool_config->ssl_ca_cert_dir))
> > cacert_dir = pool_config->ssl_ca_cert_dir;
> >
> > + if ( cacert || cacert_dir ) {
> > + error = (!SSL_CTX_load_verify_locations(cp->ssl_ctx,
> > + cacert,
> > + cacert_dir));
> > + SSL_RETURN_ERROR_IF(error, "SSL verification setup");
> > + SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL);
> > }
> > }
> >
> > + cp->ssl = SSL_new(cp->ssl_ctx);
> > + SSL_RETURN_ERROR_IF( (! cp->ssl), "SSL_new");
> > +
> > + return 0;
> > + }
> > +
> > + static void perror_ssl(const char *context) {
> > + unsigned long err;
> > + static const char *no_err_reason = "no SSL error reported";
> > + const char *reason;
> > +
> > + err = ERR_get_error();
> > + if (! err) {
> > + reason = no_err_reason;
> > + } else {
> > + reason = ERR_reason_error_string(err);
> > }
> >
> > + if (reason != NULL) {
> > + pool_error("pool_ssl: %s: %s", context, reason);
> > + } else {
> > + pool_error("pool_ssl: %s: Unknown SSL error %lu", context, err);
> > + }
> > }
> >
> > #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
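
Review bot: perror_ssl() calls ERR_get_error() once, so it logs only the earliest entry in the OpenSSL error queue and leaves any later entries queued, where the next reported failure can pick them up and attribute them to the wrong context. Consider looping until ERR_get_error() returns 0 and logging each entry with the same context string, or calling ERR_clear_error() once the first entry has been logged. ERR_reason_error_string() also drops the library component of the error; ERR_error_string_n() would keep it in the message. Separately, within this hunk SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL) is still reached only when cacert or cacert_dir is set; a short comment stating that leaving the verify mode untouched without a configured CA is intended would help the next reader.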