Change SSLerror() back to taking two args, with the first one being an SSL *.

Make a table of "function codes" which maps the internal state of the SSL *
to something like a useful name so in a typical error in the connection you
know in what sort of place in the handshake things happened. (instead of
by arcane function name).
Add SSLerrorx() for when we don't have an SSL *
ok jsing@ after us both being prodded by bluhm@ to make it not terrible

1 files changed, 9 insertions, 9 deletions

diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
index 9ffc27e9a7..d5d5996735 100644
--- a/src/lib/libssl/ssl_packet.c
+++ b/src/lib/libssl/ssl_packet.c
@@ -106,11 +106,11 @@ ssl_convert_sslv2_client_hello(SSL *s)
                 return -1;
 
         if (record_length < 9) {
-                SSLerror(SSL_R_RECORD_LENGTH_MISMATCH);
+                SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
                 return -1;
         }
         if (record_length > 4096) {
-                SSLerror(SSL_R_RECORD_TOO_LARGE);
+                SSLerror(s, SSL_R_RECORD_TOO_LARGE);
                 return -1;
         }
 
@@ -149,7 +149,7 @@ ssl_convert_sslv2_client_hello(SSL *s)
         if (!CBS_get_bytes(&cbs, &challenge, challenge_length))
                 return -1;
         if (CBS_len(&cbs) != 0) {
-                SSLerror(SSL_R_RECORD_LENGTH_MISMATCH);
+                SSLerror(s, SSL_R_RECORD_LENGTH_MISMATCH);
                 return -1;
         }
 
@@ -234,14 +234,14 @@ ssl_server_legacy_first_packet(SSL *s)
         if (ssl_is_sslv2_client_hello(&header) == 1) {
                 /* Only permit SSLv2 client hellos if TLSv1.0 is enabled. */
                 if (ssl_enabled_version_range(s, &min_version, NULL) != 1) {
-                        SSLerror(SSL_R_NO_PROTOCOLS_AVAILABLE);
+                        SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
                         return -1;
                 }
                 if (min_version > TLS1_VERSION)
                         return 1;
 
                 if (ssl_convert_sslv2_client_hello(s) != 1) {
-                        SSLerror(SSL_R_BAD_PACKET_LENGTH);
+                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
                         return -1;
                 }
 
@@ -250,7 +250,7 @@ ssl_server_legacy_first_packet(SSL *s)
 
         /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
         if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
-                SSLerror(ERR_R_INTERNAL_ERROR);
+                SSLerror(s, ERR_R_INTERNAL_ERROR);
                 return -1;
         }
         data = (const char *)CBS_data(&header);
@@ -260,15 +260,15 @@ ssl_server_legacy_first_packet(SSL *s)
             strncmp("POST ", data, 5) == 0 ||
             strncmp("HEAD ", data, 5) == 0 ||
             strncmp("PUT ", data, 4) == 0) {
-                SSLerror(SSL_R_HTTP_REQUEST);
+                SSLerror(s, SSL_R_HTTP_REQUEST);
                 return -1;
         }
         if (strncmp("CONNE", data, 5) == 0) {
-                SSLerror(SSL_R_HTTPS_PROXY_REQUEST);
+                SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST);
                 return -1;
         }
 
-        SSLerror(SSL_R_UNKNOWN_PROTOCOL);
+        SSLerror(s, SSL_R_UNKNOWN_PROTOCOL);
 
         return -1;
 }