Add handling for errors on the TLS config and properly check/handle

failures when setting the CA file.
author: jsing <> 2017-03-07 12:52:14 +0000
committer: jsing <> 2017-03-07 12:52:14 +0000
commit: 65981caf151f1a193fa20339f56174976bfbb6ad (patch)
tree: fb46e88eedcca9dc7bf09b0d66fe3633ac8f4011 /src/regress/lib/libtls
parent: 15eae26cf80fdf64bffd0944aa6c5cd5e33f4785 (diff)
download: openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.tar.gz
openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.tar.bz2
openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.zip
2 files changed, 23 insertions, 6 deletions
diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index 4ce92eaef8..c6aab7789f 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -53,11 +53,22 @@ func NewConfig() (*TLSConfig, error) {
        }, nil
 }
+// Error returns the error message from the TLS configuration.
+func (c *TLSConfig) Error() error {
+        if msg := C.tls_config_error(c.tlsCfg); msg != nil {
+                return errors.New(C.GoString(msg))
+        }
+        return errors.New("unknown error")
+}
 // SetCAFile sets the CA file to be used for connections.
-func (c *TLSConfig) SetCAFile(filename string) {
+func (c *TLSConfig) SetCAFile(filename string) error {
        caFile := C.CString(filename)
        defer C.free(unsafe.Pointer(caFile))
-        C.tls_config_set_ca_file(c.tlsCfg, caFile)
+        if C.tls_config_set_ca_file(c.tlsCfg, caFile) != 0 {
+                return c.Error()
+        }
+        return nil
 }
 // InsecureNoVerifyCert disables certificate verification for the connection.
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
index 3a430924a7..f48be5ddda 100644
--- a/src/regress/lib/libtls/gotls/tls_test.go
+++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -21,7 +21,7 @@ const (
 var (
        certNotBefore = time.Unix(0, 0)
-        certNotAfter = certNotBefore.Add(1000000 * time.Hour)
+        certNotAfter  = certNotBefore.Add(1000000 * time.Hour)
 )
 // createCAFile writes a PEM encoded version of the certificate out to a
@@ -81,7 +81,9 @@ func TestTLSBasic(t *testing.T) {
                t.Fatal(err)
        }
        defer cfg.Free()
-        cfg.SetCAFile(caFile)
+        if err := cfg.SetCAFile(caFile); err != nil {
+                t.Fatal(err)
+        }
        tls, err := NewClient(cfg)
        if err != nil {
@@ -135,7 +137,9 @@ func TestTLSSingleByteReadWrite(t *testing.T) {
                t.Fatal(err)
        }
        defer cfg.Free()
-        cfg.SetCAFile(caFile)
+        if err := cfg.SetCAFile(caFile); err != nil {
+                t.Fatal(err)
+        }
        tls, err := NewClient(cfg)
        if err != nil {
@@ -202,7 +206,9 @@ func TestTLSInfo(t *testing.T) {
                t.Fatal(err)
        }
        defer cfg.Free()
-        cfg.SetCAFile(caFile)
+        if err := cfg.SetCAFile(caFile); err != nil {
+                t.Fatal(err)
+        }
        tls, err := NewClient(cfg)
        if err != nil {
author	jsing <>	2017-03-07 12:52:14 +0000
committer	jsing <>	2017-03-07 12:52:14 +0000
commit	65981caf151f1a193fa20339f56174976bfbb6ad (patch)
tree	fb46e88eedcca9dc7bf09b0d66fe3633ac8f4011 /src/regress/lib/libtls
parent	15eae26cf80fdf64bffd0944aa6c5cd5e33f4785 (diff)
download	openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.tar.gz openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.tar.bz2 openbsd-65981caf151f1a193fa20339f56174976bfbb6ad.zip