From ff826d3cb94a579275eb6e97b3cf80ca69016d4b Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 7 Feb 2015 09:50:09 +0000
Subject: Convert tls_connect_fds() and tls_accept_socket() to the new OpenSSL error dance handling code. This means that we get slightly useful messages when a TLS connection or accept fails. Requested by reyk@
---
 src/lib/libtls/tls_server.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
(limited to 'src/lib/libtls/tls_server.c')
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 8d71d2790f..8f34ecdded 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.4 2015/02/07 06:19:26 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.5 2015/02/07 09:50:09 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing
 *
@@ -102,7 +102,7 @@ int
 tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
 {
 struct tls *conn_ctx = *cctx;
- int ret, ssl_err;
+ int ret, err;
 if ((ctx->flags & TLS_SERVER) == 0) {
 tls_set_error(ctx, "not a server context");
@@ -131,16 +131,11 @@ tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
 }
 if ((ret = SSL_accept(conn_ctx->ssl_conn)) != 1) {
- ssl_err = SSL_get_error(conn_ctx->ssl_conn, ret);
- switch (ssl_err) {
- case SSL_ERROR_WANT_READ:
- return (TLS_READ_AGAIN);
- case SSL_ERROR_WANT_WRITE:
- return (TLS_WRITE_AGAIN);
- default:
- tls_set_error(ctx, "TLS accept failed (%i)", ssl_err);
- goto err;
+ err = tls_ssl_error(conn_ctx, ret, "accept");
+ if (err == TLS_READ_AGAIN || err == TLS_WRITE_AGAIN) {
+ return (err);
 }
+ goto err;
 }
 return (0);
--
cgit v1.2.3-55-g6feb
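Review bot: In the SSL_accept failure branch the error is now produced by `tls_ssl_error(conn_ctx, ret, "accept")`, while the removed `tls_set_error(ctx, "TLS accept failed (%i)", ssl_err)` and the surviving `tls_set_error(ctx, "not a server context")` path both record their message on `ctx`. Presumably tls_ssl_error stores the message on the context it is handed (its body is not part of this diff, so confirm), which would mean a caller that only inspects the listening context after a failed accept no longer sees why the handshake failed. If that split is intended, say so at the call site, e.g. `/* handshake errors are recorded on conn_ctx, not on the listening ctx */`, and check that the `err:` path, which lies outside this hunk along with the rest of tls_accept_socket, leaves `*cctx` readable for the caller. Separately, the renamed local `err` now shares its name with the label in `goto err;`; that is legal C but easy to misread, and a name such as `ssl_ret` would avoid it.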