Show useful errors.
Conflicts: apps/s_server.c
This commit is contained in:
Ben Laurie
parent
3cd8547a20
commit
9725bda766
@ -1970,7 +1970,10 @@ bad:
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
if (s_serverinfo_file != NULL
|
||||
&& !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
if (c_auth)
|
||||
{
|
||||
SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);
|
||||
|
||||
@ -2749,6 +2749,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_BAD_AUTHENTICATION_TYPE 102
|
||||
#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
|
||||
#define SSL_R_BAD_CHECKSUM 104
|
||||
#define SSL_R_BAD_DATA 390
|
||||
#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
|
||||
#define SSL_R_BAD_DECOMPRESSION 107
|
||||
#define SSL_R_BAD_DH_G_LENGTH 108
|
||||
@ -2897,6 +2898,7 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
|
||||
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
|
||||
#define SSL_R_NO_METHOD_SPECIFIED 188
|
||||
#define SSL_R_NO_PEM_EXTENSIONS 389
|
||||
#define SSL_R_NO_PRIVATEKEY 189
|
||||
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
|
||||
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
|
||||
@ -2924,6 +2926,8 @@ void ERR_load_SSL_strings(void);
|
||||
#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
|
||||
#define SSL_R_PEER_ERROR_NO_CIPHER 203
|
||||
#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
|
||||
#define SSL_R_PEM_NAME_BAD_PREFIX 391
|
||||
#define SSL_R_PEM_NAME_TOO_SHORT 392
|
||||
#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
|
||||
#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
|
||||
#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
|
||||
|
||||
@ -313,6 +313,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
|
||||
{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
|
||||
{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
|
||||
{ERR_REASON(SSL_R_BAD_DATA) ,"bad data"},
|
||||
{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
|
||||
{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
|
||||
{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
|
||||
@ -461,6 +462,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
|
||||
{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
|
||||
{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
|
||||
{ERR_REASON(SSL_R_NO_PEM_EXTENSIONS) ,"no pem extensions"},
|
||||
{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
|
||||
{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
|
||||
{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
|
||||
@ -488,6 +490,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
|
||||
{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
|
||||
{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
|
||||
{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
|
||||
{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX) ,"pem name bad prefix"},
|
||||
{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT) ,"pem name too short"},
|
||||
{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
|
||||
{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
|
||||
{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
|
||||
|
||||
@ -1012,7 +1012,7 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
|
||||
/* There must be at least one extension in this file */
|
||||
if (num_extensions == 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);
|
||||
goto end;
|
||||
}
|
||||
else /* End of file, we're done */
|
||||
@ -1021,18 +1021,18 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
|
||||
/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
|
||||
if (strlen(name) < strlen(namePrefix))
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
|
||||
goto end;
|
||||
}
|
||||
if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);
|
||||
goto end;
|
||||
}
|
||||
/* Check that the decoded PEM data is plausible (valid length field) */
|
||||
if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)
|
||||
{
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);
|
||||
SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
|
||||
goto end;
|
||||
}
|
||||
/* Append the decoded extension to the serverinfo buffer */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user