Commit a8916813 authored by Pekka Pessi's avatar Pekka Pessi

tport_tls.c, tport_type_tls.c: be quiet about certificate errors.

Do not complain about bad certificates if the certificate directory has not
been defined.

darcs-hash:20060530182345-65a35-6998382d69d9db01eeb70aaee2c3663d3672685a.gz
parent a55b93e7
...@@ -195,26 +195,30 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti) ...@@ -195,26 +195,30 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
BIO_printf(tls->bio_err, "%s: invalid certificate: %s\n", BIO_printf(tls->bio_err, "%s: invalid certificate: %s\n",
"tls_init_context", ti->cert); "tls_init_context", ti->cert);
ERR_print_errors(tls->bio_err); ERR_print_errors(tls->bio_err);
}
#if require_client_certificate #if require_client_certificate
errno = EIO; errno = EIO;
return -1; return -1;
#endif #endif
}
} }
if (!SSL_CTX_use_PrivateKey_file(tls->ctx, if (!SSL_CTX_use_PrivateKey_file(tls->ctx,
ti->key, ti->key,
SSL_FILETYPE_PEM)) { SSL_FILETYPE_PEM)) {
ERR_print_errors(tls->bio_err); if (ti->configured > 0) {
ERR_print_errors(tls->bio_err);
#if require_client_certificate #if require_client_certificate
errno = EIO; errno = EIO;
return -1; return -1;
#endif #endif
}
} }
if (!SSL_CTX_check_private_key(tls->ctx)) { if (!SSL_CTX_check_private_key(tls->ctx)) {
BIO_printf(tls->bio_err, if (ti->configured > 0) {
"Private key does not match the certificate public key\n"); BIO_printf(tls->bio_err,
"Private key does not match the certificate public key\n");
}
#if require_client_certificate #if require_client_certificate
errno = EIO; errno = EIO;
return -1; return -1;
...@@ -224,7 +228,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti) ...@@ -224,7 +228,8 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
if (!SSL_CTX_load_verify_locations(tls->ctx, if (!SSL_CTX_load_verify_locations(tls->ctx,
ti->CAfile, ti->CAfile,
ti->CApath)) { ti->CApath)) {
ERR_print_errors(tls->bio_err); if (ti->configured > 0)
ERR_print_errors(tls->bio_err);
errno = EIO; errno = EIO;
return -1; return -1;
} }
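Review bot: Where the new side skips `ERR_print_errors(tls->bio_err)` because `ti->configured` is not positive, the OpenSSL error queue is no longer drained. The entries left by the failed `SSL_CTX_use_PrivateKey_file` or `SSL_CTX_load_verify_locations` call stay queued for the thread and can make a later `SSL_get_error()` result unreliable. Giving each guarded print an else branch with `ERR_clear_error();` keeps the output quiet without leaving stale errors behind. Separately, in the private-key-file branch the `#if require_client_certificate` return appears to have moved inside the new `if (ti->configured > 0) { ... }`, while in the `SSL_CTX_check_private_key` branch it stays outside; if that reading of the side-by-side rendering is right, a build with the macro enabled would no longer fail on an unloadable key when the directory is not configured, which looks unintended for a logging-only change. The body of tls_init_context starts and ends outside the visible hunks.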
......
...@@ -159,6 +159,7 @@ static int tport_tls_init_master(tport_primary_t *pri, ...@@ -159,6 +159,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
char const *path = NULL; char const *path = NULL;
unsigned tls_version = 1; unsigned tls_version = 1;
su_home_t autohome[SU_HOME_AUTO_SIZE(1024)]; su_home_t autohome[SU_HOME_AUTO_SIZE(1024)];
tls_issues_t ti = {0};
su_home_auto(autohome, sizeof autohome); su_home_auto(autohome, sizeof autohome);
...@@ -178,7 +179,6 @@ static int tport_tls_init_master(tport_primary_t *pri, ...@@ -178,7 +179,6 @@ static int tport_tls_init_master(tport_primary_t *pri,
} }
if (path) { if (path) {
tls_issues_t ti = {0};
ti.verify_depth = 2; ti.verify_depth = 2;
ti.configured = path != tbf; ti.configured = path != tbf;
ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat"); ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
...@@ -197,7 +197,12 @@ static int tport_tls_init_master(tport_primary_t *pri, ...@@ -197,7 +197,12 @@ static int tport_tls_init_master(tport_primary_t *pri,
su_home_zap(autohome); su_home_zap(autohome);
if (!tlspri->tlspri_master) { if (!tlspri->tlspri_master) {
SU_DEBUG_3(("tls_init_master: %s\n", strerror(errno))); if (!path || ti.configured) {
SU_DEBUG_1(("tls_init_master: %s\n", strerror(errno)));
}
else {
SU_DEBUG_5(("tls_init_master: %s\n", strerror(errno)));
}
return *return_culprit = "tls_init_master", -1; return *return_culprit = "tls_init_master", -1;
} }
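Review bot: In the new `if (!path || ti.configured)` test, the `!path` case logs `strerror(errno)` at level 1, but on the visible lines nothing has set errno when the `if (path)` block was skipped, so the message may report an unrelated stale error. The statement that assigns `tlspri->tlspri_master` lies outside the hunks, so this needs confirming against the full function; a distinct message for the missing-directory case would make the level-1 line trustworthy. `su_home_zap(autohome)` also runs between the init call and `strerror(errno)`, so copying errno into a local right after the init call, e.g. `int err = errno;`, would rule out it being overwritten. A short comment on `ti.configured = path != tbf;` stating when the flag is false (presumably when the fallback buffer `tbf` supplies the path) would explain why the quieter `SU_DEBUG_5` level is chosen.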
......