diff options
| author | Arne Schwabe | 2023-08-11 14:15:03 +0200 |
|---|---|---|
| committer | Gert Doering | 2023-08-11 20:22:20 +0200 |
| commit | 101499a43d222dcefbf5c6fc6f8b71a4f5d1f533 (patch) | |
| tree | 23014c74274bd223201c8c1093f90faefc914311 /src/openvpn/crypto_openssl.c | |
| parent | 09e2360a163077001fd33f2f338cf337b45b9ab6 (diff) | |
| download | openvpn-101499a43d222dcefbf5c6fc6f8b71a4f5d1f533.zip openvpn-101499a43d222dcefbf5c6fc6f8b71a4f5d1f533.tar.gz | |
show extra info for OpenSSL errors
This also shows the extra data from the OpenSSL error function that
can contain extra information. For example, the command
openvpn --providers vollbit
will print out (on macOS):
OpenSSL: error:12800067:DSO support routines::could not load the shared library:filename(/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib): dlopen(/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib, 0x0002): tried: '/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file), '/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no such file)
Patch v2: Format message more like current messages
Change-Id: Ic2ee89937dcd85721bcacd1b700a20c640364f80
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20230811121503.4159089-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26929.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0f8485f2870277fb7ccdb4097380e35dc35b064e)
Diffstat (limited to 'src/openvpn/crypto_openssl.c')
| -rw-r--r-- | src/openvpn/crypto_openssl.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index f5372f8..739cf4c 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -240,9 +240,16 @@ void crypto_print_openssl_errors(const unsigned int flags) { unsigned long err = 0; + int line, errflags; + const char *file, *data, *func; - while ((err = ERR_get_error())) + while ((err = ERR_get_error_all(&file, &line, &func, &data, &errflags)) != 0) { + if (!(errflags & ERR_TXT_STRING)) + { + data = ""; + } + /* Be more clear about frequently occurring "no shared cipher" error */ if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER) { @@ -260,7 +267,17 @@ crypto_print_openssl_errors(const unsigned int flags) "tls-version-min 1.0 to the client configuration to use TLS 1.0+ " "instead of TLS 1.0 only"); } - msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL)); + + /* print file and line if verb >=8 */ + if (!check_debug_level(D_TLS_DEBUG_MED)) + { + msg(flags, "OpenSSL: %s:%s", ERR_error_string(err, NULL), data); + } + else + { + msg(flags, "OpenSSL: %s:%s:%s:%d:%s", ERR_error_string(err, NULL), + data, file, line, func); + } } } |