Diffstat (limited to 'src/lib/libtls/tls_client.c')
-rw-r--r--src/lib/libtls/tls_client.c34
1 files changed, 17 insertions, 17 deletions
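--- a/src/lib/libtls/tls_client.c
+++ b/src/lib/libtls/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.20 2015/08/27 14:34:46 jsing Exp $ */
+/* $OpenBSD: tls_client.c,v 1.21 2015/08/27 15:26:50 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -95,12 +95,12 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 int rv = -1, s = -1, ret;
 
 if ((ctx->flags & TLS_CLIENT) == 0) {
-tls_set_error(ctx, "not a client context");
+tls_set_errorx(ctx, "not a client context");
 goto err;
 }
 
 if (host == NULL) {
-tls_set_error(ctx, "host not specified");
+tls_set_errorx(ctx, "host not specified");
 goto err;
 }
 
@@ -111,7 +111,7 @@ tls_connect_servername(struct tls *ctx, const char *host, const char *port,
 if ((p = (char *)port) == NULL) {
 ret = tls_host_port(host, &hs, &ps);
 if (ret == -1) {
-tls_set_error(ctx, "memory allocation failure");
+tls_set_errorx(ctx, "memory allocation failure");
 goto err;
 }
 if (ret != 0)
@@ -169,7 +169,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 int ret, err;
 
 if ((ctx->flags & TLS_CLIENT) == 0) {
-tls_set_error(ctx, "not a client context");
+tls_set_errorx(ctx, "not a client context");
 goto err;
 }
 
@@ -177,12 +177,12 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 goto connecting;
 
 if (fd_read < 0 || fd_write < 0) {
-tls_set_error(ctx, "invalid file descriptors");
+tls_set_errorx(ctx, "invalid file descriptors");
 return (-1);
 }
 
 if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
-tls_set_error(ctx, "ssl context failure");
+tls_set_errorx(ctx, "ssl context failure");
 goto err;
 }
 
@@ -191,7 +191,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 
 if (ctx->config->verify_name) {
 if (servername == NULL) {
-tls_set_error(ctx, "server name not specified");
+tls_set_errorx(ctx, "server name not specified");
 goto err;
 }
 }
@@ -201,19 +201,19 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 
 if (ctx->config->ca_mem != NULL) {
 if (ctx->config->ca_len > INT_MAX) {
-tls_set_error(ctx, "ca too long");
+tls_set_errorx(ctx, "ca too long");
 goto err;
 }
 
 if (SSL_CTX_load_verify_mem(ctx->ssl_ctx,
 ctx->config->ca_mem, ctx->config->ca_len) != 1) {
-tls_set_error(ctx,
+tls_set_errorx(ctx,
 "ssl verify memory setup failure");
 goto err;
 }
 } else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
 ctx->config->ca_file, ctx->config->ca_path) != 1) {
-tls_set_error(ctx, "ssl verify setup failure");
+tls_set_errorx(ctx, "ssl verify setup failure");
 goto err;
 }
 if (ctx->config->verify_depth >= 0)
@@ -222,16 +222,16 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 }
 
 if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) {
-tls_set_error(ctx, "ssl connection failure");
+tls_set_errorx(ctx, "ssl connection failure");
 goto err;
 }
 if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) {
-tls_set_error(ctx, "ssl application data failure");
+tls_set_errorx(ctx, "ssl application data failure");
 goto err;
 }
 if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 ||
 SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) {
-tls_set_error(ctx, "ssl file descriptor failure");
+tls_set_errorx(ctx, "ssl file descriptor failure");
 goto err;
 }
 
@@ -243,7 +243,7 @@ tls_connect_fds(struct tls *ctx, int fd_read, int fd_write,
 inet_pton(AF_INET, servername, &addrbuf) != 1 &&
 inet_pton(AF_INET6, servername, &addrbuf) != 1) {
 if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) {
-tls_set_error(ctx, "server name indication failure");
+tls_set_errorx(ctx, "server name indication failure");
 goto err;
 }
 }
@@ -262,12 +262,12 @@ connecting:
 if (ctx->config->verify_name) {
 cert = SSL_get_peer_certificate(ctx->ssl_conn);
 if (cert == NULL) {
-tls_set_error(ctx, "no server certificate");
+tls_set_errorx(ctx, "no server certificate");
 goto err;
 }
 if ((ret = tls_check_servername(ctx, cert, servername)) != 0) {
 if (ret != -2)
-tls_set_error(ctx, "name `%s' not present in"
+tls_set_errorx(ctx, "name `%s' not present in"
 " server certificate", servername);
 goto err;
 }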
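Review bot: The "memory allocation failure" path at new line 114 in tls_connect_servername now reports through tls_set_errorx, which presumably drops the errno text that tls_set_error appended, so if tls_host_port's -1 comes from a failed allocation the ENOMEM detail no longer reaches the caller's error string. Unless tls_host_port is known to leave errno unset on that path, keeping `tls_set_error(ctx, "memory allocation failure");` there, or having tls_host_port set errno explicitly before returning -1, preserves the diagnostic. The remaining conversions in this file cover argument validation and OpenSSL failures, where errno carries nothing useful, so errorx fits them. In the hunk at new line 180 the "invalid file descriptors" branch still uses `return (-1);` while every sibling branch uses `goto err;`, which is worth a comment if the early return is deliberate. Both tls_connect_servername and tls_connect_fds begin and end outside these hunks.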