Commit a8916813 authored by Pekka Pessi's avatar Pekka Pessi

tport_tls.c, tport_type_tls.c: be quiet about certificate errors.

Do not complain about bad certificates if the certificate directory has not
been defined.

darcs-hash:20060530182345-65a35-6998382d69d9db01eeb70aaee2c3663d3672685a.gz
parent a55b93e7
......@@ -195,26 +195,30 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
BIO_printf(tls->bio_err, "%s: invalid certificate: %s\n",
"tls_init_context", ti->cert);
ERR_print_errors(tls->bio_err);
}
#if require_client_certificate
errno = EIO;
return -1;
#endif
}
}
if (!SSL_CTX_use_PrivateKey_file(tls->ctx,
ti->key,
SSL_FILETYPE_PEM)) {
if (ti->configured > 0) {
ERR_print_errors(tls->bio_err);
#if require_client_certificate
errno = EIO;
return -1;
#endif
}
}
if (!SSL_CTX_check_private_key(tls->ctx)) {
if (ti->configured > 0) {
BIO_printf(tls->bio_err,
"Private key does not match the certificate public key\n");
}
#if require_client_certificate
errno = EIO;
return -1;
......@@ -224,6 +228,7 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
if (!SSL_CTX_load_verify_locations(tls->ctx,
ti->CAfile,
ti->CApath)) {
if (ti->configured > 0)
ERR_print_errors(tls->bio_err);
errno = EIO;
return -1;
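Review bot: In the `SSL_CTX_use_PrivateKey_file` branch the added `if (ti->configured > 0) {` appears to enclose the `#if require_client_certificate` block as well as `ERR_print_errors`, so as rendered a build with that macro set no longer returns -1 there for an unconfigured directory, while the `SSL_CTX_check_private_key` branch closes its brace before the `#if`. The later key check probably still catches the failure, but the gating should match: close the new block right after `ERR_print_errors(tls->bio_err);`. The quiet paths, including the `SSL_CTX_load_verify_locations` hunk, also skip the call that drains OpenSSL's error queue, so I would add `else ERR_clear_error();` there to keep stale entries out of later diagnostics. The body of tls_init_context starts and ends outside these hunks.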
......
......@@ -159,6 +159,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
char const *path = NULL;
unsigned tls_version = 1;
su_home_t autohome[SU_HOME_AUTO_SIZE(1024)];
tls_issues_t ti = {0};
su_home_auto(autohome, sizeof autohome);
......@@ -178,7 +179,6 @@ static int tport_tls_init_master(tport_primary_t *pri,
}
if (path) {
tls_issues_t ti = {0};
ti.verify_depth = 2;
ti.configured = path != tbf;
ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
......@@ -197,7 +197,12 @@ static int tport_tls_init_master(tport_primary_t *pri,
su_home_zap(autohome);
if (!tlspri->tlspri_master) {
SU_DEBUG_3(("tls_init_master: %s\n", strerror(errno)));
if (!path || ti.configured) {
SU_DEBUG_1(("tls_init_master: %s\n", strerror(errno)));
}
else {
SU_DEBUG_5(("tls_init_master: %s\n", strerror(errno)));
}
return *return_culprit = "tls_init_master", -1;
}
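Review bot: When `path` is NULL the new `!path || ti.configured` branch logs `strerror(errno)` at level 1, but nothing in the visible lines sets errno on that route, so the message may describe an unrelated earlier failure; a fixed text such as `SU_DEBUG_1(("tls_init_master: no certificate directory\n"));` for the `!path` case would be more reliable. Moving `tls_issues_t ti` to function scope also means it is read after `su_home_zap(autohome)`, when `ti.randFile` and any other strings formatted into autohome are presumably released. Only `ti.configured` is read at that point, which is safe, and a comment like `/* only ti.configured is valid after su_home_zap() */` would keep later edits from touching the string members. The function body extends outside the hunks shown.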
......