1 files changed, 15 insertions, 3 deletions

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 5ab2379628..9c2b5810f6 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.14 2015/09/29 10:17:04 deraadt Exp $ */
+/* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -99,6 +99,8 @@ tls_config_free(struct tls_config *config)
 
         tls_config_clear_keys(config);
 
+        free(config->error.msg);
+
         free((char *)config->ca_file);
         free((char *)config->ca_path);
         free((char *)config->cert_file);
@@ -110,6 +112,12 @@ tls_config_free(struct tls_config *config)
         free(config);
 }
 
+const char *
+tls_config_error(struct tls_config *config)
+{
+        return config->error.msg;
+}
+
 void
 tls_config_clear_keys(struct tls_config *config)
 {
@@ -232,8 +240,10 @@ tls_config_set_dheparams(struct tls_config *config, const char *params)
                 keylen = -1;
         else if (strcasecmp(params, "legacy") == 0)
                 keylen = 1024;
-        else
+        else {
+                tls_set_config_errorx(config, "invalid dhe param '%s'", params);
                 return (-1);
+        }
 
         config->dheparams = keylen;
 
@@ -249,8 +259,10 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
                 nid = NID_undef;
         else if (strcasecmp(name, "auto") == 0)
                 nid = -1;
-        else if ((nid = OBJ_txt2nid(name)) == NID_undef)
+        else if ((nid = OBJ_txt2nid(name)) == NID_undef) {
+                tls_set_config_errorx(config, "invalid ecdhe curve '%s'", name);
                 return (-1);
+        }
 
         config->ecdhecurve = nid;