Report SSL errors through vpninfo->progress()

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · May 27, 2009 · 2459a1f · 2459a1f
1 parent 77f3872
commit 2459a1f
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 11 deletions.
diff --git a/cstp.c b/cstp.c
@@ -526,7 +526,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
 				return work_done;
 			default:
 				vpninfo->progress(vpninfo, PRG_ERR, "SSL_write failed: %d\n", ret);
-				ERR_print_errors_fp(stderr);
+				report_ssl_errors(vpninfo);
 				goto do_reconnect;
 			}
 		}

diff --git a/dtls.c b/dtls.c
@@ -266,7 +266,7 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
 	}
 
 	vpninfo->progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret);
-	ERR_print_errors_fp(stderr);
+	report_ssl_errors(vpninfo);
 
 	/* Kill the new (failed) connection... */
 	SSL_free(vpninfo->new_dtls_ssl);
@@ -492,7 +492,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 			if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
 				vpninfo->progress(vpninfo, PRG_ERR,
 						  "DTLS got write error %d. Falling back to SSL\n", ret);
-				ERR_print_errors_fp(stderr);
+				report_ssl_errors(vpninfo);
 				dtls_restart(vpninfo);
 				vpninfo->outgoing_queue = this;
 				vpninfo->outgoing_qlen++;

diff --git a/openconnect.h b/openconnect.h
@@ -262,6 +262,7 @@ int  __attribute__ ((format (printf, 2, 3)))
 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len);
 int openconnect_open_https(struct openconnect_info *vpninfo);
 void openconnect_close_https(struct openconnect_info *vpninfo);
+void report_ssl_errors(struct openconnect_info *vpninfo);
 
 /* mainloop.c */
 int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);

diff --git a/ssl.c b/ssl.c
@@ -51,6 +51,19 @@ int  __attribute__ ((format (printf, 2, 3)))
 
 }
 
+static int print_err(const char *str, size_t len, void *ptr)
+{
+	struct openconnect_info *vpninfo = ptr;
+
+	vpninfo->progress(vpninfo, PRG_ERR, "%s", str);
+	return 0;
+}
+
+void report_ssl_errors(struct openconnect_info *vpninfo)
+{
+	ERR_print_errors_cb(print_err, vpninfo);
+}
+
 int openconnect_SSL_gets(SSL *ssl, char *buf, size_t len)
 {
 	int i = 0;
@@ -92,7 +105,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 					  SSL_FILETYPE_PEM)) {
 		vpninfo->progress(vpninfo, PRG_ERR,
 				  "Load certificate failed\n");
-		ERR_print_errors_fp(stderr);
+		report_ssl_errors(vpninfo);
 		return -EINVAL;
 	}
 
@@ -104,13 +117,13 @@ static int load_certificate(struct openconnect_info *vpninfo)
 		e = ENGINE_by_id("tpm");
 		if (!e) {
 			vpninfo->progress(vpninfo, PRG_ERR, "Can't load TPM engine.\n");
-			ERR_print_errors_fp(stderr);
+			report_ssl_errors(vpninfo);
 			return -EINVAL;
 		}
 		if (!ENGINE_init(e) || !ENGINE_set_default_RSA(e) ||
 		    !ENGINE_set_default_RAND(e)) {
 			vpninfo->progress(vpninfo, PRG_ERR, "Failed to init TPM engine\n");
-			ERR_print_errors_fp(stderr);
+			report_ssl_errors(vpninfo);
 			ENGINE_free(e);
 			return -EINVAL;
 		}
@@ -119,21 +132,21 @@ static int load_certificate(struct openconnect_info *vpninfo)
 			if (!ENGINE_ctrl_cmd(e, "PIN", strlen(vpninfo->tpmpass),
 					     vpninfo->tpmpass, NULL, 0)) {
 				vpninfo->progress(vpninfo, PRG_ERR, "Failed to set TPM SRK password\n");
-				ERR_print_errors_fp(stderr);
+				report_ssl_errors(vpninfo);
 			}
 		}
 		key = ENGINE_load_private_key(e, vpninfo->sslkey, NULL, NULL);
 		if (!key) {
 			vpninfo->progress(vpninfo, PRG_ERR,
 				"Failed to load TPM private key\n");
-			ERR_print_errors_fp(stderr);
+			report_ssl_errors(vpninfo);
 			ENGINE_free(e);
 			ENGINE_finish(e);
 			return -EINVAL;
 		}
 		if (!SSL_CTX_use_PrivateKey(vpninfo->https_ctx, key)) {
 			vpninfo->progress(vpninfo, PRG_ERR, "Add key from TPM failed\n");
-			ERR_print_errors_fp(stderr);
+			report_ssl_errors(vpninfo);
 			ENGINE_free(e);
 			ENGINE_finish(e);
 			return -EINVAL;
@@ -143,7 +156,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
 						    vpninfo->sslkey,
 						    SSL_FILETYPE_PEM)) {
 			vpninfo->progress(vpninfo, PRG_ERR, "Private key failed\n");
-			ERR_print_errors_fp(stderr);
+			report_ssl_errors(vpninfo);
 			return -EINVAL;
 		}
 	}
@@ -301,7 +314,7 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 
 	if (SSL_connect(https_ssl) <= 0) {
 		vpninfo->progress(vpninfo, PRG_ERR, "SSL connection failure\n");
-		ERR_print_errors_fp(stderr);
+		report_ssl_errors(vpninfo);
 		SSL_free(https_ssl);
 		close(ssl_sock);
 		return -EINVAL;