-rw-r--r-- | src/src/tls-openssl.c | 29 | ||||
-rw-r--r-- | test/scripts/5600-OCSP-OpenSSL/5601 | 4 | ||||
-rw-r--r-- | test/scripts/5600-OCSP-OpenSSL/5611 | 4 | ||||
-rw-r--r-- | test/scripts/5740-OCSP-OpenSSL-events/5740 | 4 |
4 files changed, 24 insertions, 17 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index eb18d64d3..906c98cef 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -903,10 +903,12 @@ DEBUG(D_tls) str = where & SSL_CB_READ ? US"read" : US"write", SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret)); else if (where & SSL_CB_EXIT) - if (ret == 0) - debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s)); - else if (ret < 0) - debug_printf("%s: error in %s\n", str, SSL_state_string_long(s)); + { + if (ret == 0) + debug_printf("%s: failed in %s\n", str, SSL_state_string_long(s)); + else if (ret < 0) + debug_printf("%s: error in %s\n", str, SSL_state_string_long(s)); + } else if (where & SSL_CB_HANDSHAKE_START) debug_printf("%s: hshake start: %s\n", str, SSL_state_string_long(s)); else if (where & SSL_CB_HANDSHAKE_DONE) @@ -1247,10 +1249,14 @@ int status, reason, i; DEBUG(D_tls) debug_printf("tls_ocsp_file (%s) '%s'\n", is_pem ? "PEM" : "DER", filename); +if (!filename || !*filename) return; + +ERR_clear_error(); if (!(bio = BIO_new_file(CS filename, "rb"))) { - DEBUG(D_tls) debug_printf("Failed to open OCSP response file \"%s\"\n", - filename); + log_write(0, LOG_MAIN|LOG_PANIC, + "Failed to open OCSP response file \"%s\": %.100s", + filename, ERR_reason_error_string(ERR_get_error())); return; } @@ -1261,8 +1267,8 @@ if (is_pem) long len; if (!PEM_read_bio(bio, &dummy, &dummy, &data, &len)) { - DEBUG(D_tls) debug_printf("Failed to read PEM file \"%s\"\n", - filename); + log_write(0, LOG_MAIN|LOG_PANIC, "Failed to read PEM file \"%s\": %.100s", + filename, ERR_reason_error_string(ERR_get_error())); return; } freep = data; @@ -1275,7 +1281,8 @@ BIO_free(bio); if (!resp) { - DEBUG(D_tls) debug_printf("Error reading OCSP response.\n"); + log_write(0, LOG_MAIN|LOG_PANIC, "Error reading OCSP response from \"%s\": %s", + filename, ERR_reason_error_string(ERR_get_error())); return; } 
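Review bot: `ERR_reason_error_string()` can return NULL when no reason string is registered for the code or the queue is empty, and the new `log_write` call in the -1247 hunk passes that result straight to `%.100s`; the same pattern recurs in the -1261 and -1275 hunks. How Exim's formatter renders a null `%s` argument is not visible here, so at best the panic-log line carries no usable cause. I would fetch the string once and fall back, e.g. `const char *r = ERR_reason_error_string(ERR_get_error());` and then pass `r ? r : "unknown error"`. Separately, the added `if (!filename || !*filename) return;` sits after the `debug_printf` that already prints `filename`, so moving the guard above the DEBUG line would make the null check cover that use too. The function body begins and ends outside this hunk.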
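Review bot: The early `return` after a failed `PEM_read_bio()` in the -1261 hunk leaves `bio` open, since the only `BIO_free(bio)` visible is further down, in the context of the next hunk. Now that this path writes to the main and panic logs rather than only to debug output, it is worth releasing the handle before leaving: add `BIO_free(bio);` immediately before the `return;`. Whether the calling process is long-lived enough for the leaked descriptor to matter cannot be seen from here. The enclosing function starts and ends outside the hunk.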
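Review bot: The new message in the -1275 hunk formats the OpenSSL reason with an unbounded `%s`, while the two messages added above it use `%.100s`; using `%.100s` here as well keeps the three log lines consistent and bounded. In addition, `ERR_get_error()` removes only the earliest queue entry, and a failed parse usually leaves several. If this runs in the same process before the handshake, the leftovers could be what the `ERR_peek_error()` call in the SSL_accept error path reads later. Adding `ERR_clear_error();` after the `log_write` and before the `return;` would avoid that, and the same applies to the PEM failure path above.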
@@ -3117,7 +3124,7 @@ if (rc <= 0) /* Handle genuine errors */ case SSL_ERROR_SSL: { - uschar * s = US"SSL_accept"; + uschar * s = NULL; int r = ERR_GET_REASON(ERR_peek_error()); if ( r == SSL_R_WRONG_VERSION_NUMBER #ifdef SSL_R_VERSION_TOO_LOW @@ -3125,7 +3132,7 @@ if (rc <= 0) #endif || r == SSL_R_UNKNOWN_PROTOCOL || r == SSL_R_UNSUPPORTED_PROTOCOL) s = string_sprintf("%s (%s)", s, SSL_get_version(ssl)); - (void) tls_error(s, NULL, sigalrm_seen ? US"timed out" : NULL, errstr); + (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : s, errstr); return FAIL; } diff --git a/test/scripts/5600-OCSP-OpenSSL/5601 b/test/scripts/5600-OCSP-OpenSSL/5601 index ecc763510..7a870425f 100644 --- a/test/scripts/5600-OCSP-OpenSSL/5601 +++ b/test/scripts/5600-OCSP-OpenSSL/5601 @@ -2,7 +2,7 @@ # # # Client works when we request but don't require OCSP stapling and none comes -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim norequire@test.ex test message. @@ -35,7 +35,7 @@ killdaemon # # # Client fails on lack of required stapled info -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim CALLER@test.ex test message. diff --git a/test/scripts/5600-OCSP-OpenSSL/5611 b/test/scripts/5600-OCSP-OpenSSL/5611 index cb8f44fe1..695406491 100644 --- a/test/scripts/5600-OCSP-OpenSSL/5611 +++ b/test/scripts/5600-OCSP-OpenSSL/5611 @@ -2,7 +2,7 @@ # # # Client works when we request but don't require OCSP stapling and none comes -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim norequire@test.ex test message. @@ -35,7 +35,7 @@ killdaemon # # # Client fails on lack of required stapled info -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim CALLER@test.ex test message. 
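Review bot: With `s` now initialised to NULL in the -3117 hunk, the unchanged `s = string_sprintf("%s (%s)", s, SSL_get_version(ssl));` in the following -3125 hunk passes a null pointer to its first `%s`. Depending on how `string_sprintf` treats a null string argument (not visible here), that is either a literal placeholder such as "NULL (TLSv1.x)" in the logged error or undefined behaviour. This is the path taken when a peer offers a wrong or unsupported protocol version, so it is reachable from the network. Since the prefix is now passed separately as `US"SSL_accept"`, the format no longer needs the old value: `s = string_sprintf("(%s)", SSL_get_version(ssl));`. The enclosing switch case begins outside these hunks.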
diff --git a/test/scripts/5740-OCSP-OpenSSL-events/5740 b/test/scripts/5740-OCSP-OpenSSL-events/5740 index 414430630..fd137b012 100644 --- a/test/scripts/5740-OCSP-OpenSSL-events/5740 +++ b/test/scripts/5740-OCSP-OpenSSL-events/5740 @@ -3,7 +3,7 @@ # # # Client works when we request but don't require OCSP stapling and none comes -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim norequire_1@test.ex test message. @@ -45,7 +45,7 @@ killdaemon # # # Client fails on lack of required stapled info -exim -bd -oX PORT_D -DSERVER=server -DRETURN=/dev/null +exim -bd -oX PORT_D -DSERVER=server -DRETURN="" **** exim failrequire@test.ex test message. |