diff options
| author | jsing <> | 2016-04-28 16:48:44 +0000 |
|---|---|---|
| committer | jsing <> | 2016-04-28 16:48:44 +0000 |
| commit | 2666540eb58ec0e76b541248bed9d159e6a2ccea (patch) | |
| tree | 2228658d31ed91575cce8bbc0cc1f0394cb96787 /src/lib/libtls/tls_config.c | |
| parent | 8da506fe86ae4114f94c896522d4bf388c1bfded (diff) | |
| download | openbsd-2666540eb58ec0e76b541248bed9d159e6a2ccea.tar.gz openbsd-2666540eb58ec0e76b541248bed9d159e6a2ccea.tar.bz2 openbsd-2666540eb58ec0e76b541248bed9d159e6a2ccea.zip | |
Rework the error handling in libtls so that we can associate errors with
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@
Diffstat (limited to 'src/lib/libtls/tls_config.c')
| -rw-r--r-- | src/lib/libtls/tls_config.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 5ab2379628..9c2b5810f6 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.14 2015/09/29 10:17:04 deraadt Exp $ */ | 1 | /* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -99,6 +99,8 @@ tls_config_free(struct tls_config *config) | |||
| 99 | 99 | ||
| 100 | tls_config_clear_keys(config); | 100 | tls_config_clear_keys(config); |
| 101 | 101 | ||
| 102 | free(config->error.msg); | ||
| 103 | |||
| 102 | free((char *)config->ca_file); | 104 | free((char *)config->ca_file); |
| 103 | free((char *)config->ca_path); | 105 | free((char *)config->ca_path); |
| 104 | free((char *)config->cert_file); | 106 | free((char *)config->cert_file); |
| @@ -110,6 +112,12 @@ tls_config_free(struct tls_config *config) | |||
| 110 | free(config); | 112 | free(config); |
| 111 | } | 113 | } |
| 112 | 114 | ||
| 115 | const char * | ||
| 116 | tls_config_error(struct tls_config *config) | ||
| 117 | { | ||
| 118 | return config->error.msg; | ||
| 119 | } | ||
| 120 | |||
| 113 | void | 121 | void |
| 114 | tls_config_clear_keys(struct tls_config *config) | 122 | tls_config_clear_keys(struct tls_config *config) |
| 115 | { | 123 | { |
| @@ -232,8 +240,10 @@ tls_config_set_dheparams(struct tls_config *config, const char *params) | |||
| 232 | keylen = -1; | 240 | keylen = -1; |
| 233 | else if (strcasecmp(params, "legacy") == 0) | 241 | else if (strcasecmp(params, "legacy") == 0) |
| 234 | keylen = 1024; | 242 | keylen = 1024; |
| 235 | else | 243 | else { |
| 244 | tls_set_config_errorx(config, "invalid dhe param '%s'", params); | ||
| 236 | return (-1); | 245 | return (-1); |
| 246 | } | ||
| 237 | 247 | ||
| 238 | config->dheparams = keylen; | 248 | config->dheparams = keylen; |
| 239 | 249 | ||
| @@ -249,8 +259,10 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name) | |||
| 249 | nid = NID_undef; | 259 | nid = NID_undef; |
| 250 | else if (strcasecmp(name, "auto") == 0) | 260 | else if (strcasecmp(name, "auto") == 0) |
| 251 | nid = -1; | 261 | nid = -1; |
| 252 | else if ((nid = OBJ_txt2nid(name)) == NID_undef) | 262 | else if ((nid = OBJ_txt2nid(name)) == NID_undef) { |
| 263 | tls_set_config_errorx(config, "invalid ecdhe curve '%s'", name); | ||
| 253 | return (-1); | 264 | return (-1); |
| 265 | } | ||
| 254 | 266 | ||
| 255 | config->ecdhecurve = nid; | 267 | config->ecdhecurve = nid; |
| 256 | 268 | ||