authorbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-02-03 23:39:13 +0000
committerbrain <brain@e03df62e-2008-0410-955e-edbf42e46eb7>2007-02-03 23:39:13 +0000
commit69ee4628395f3493e2121b0458c298f253933be9 (patch)
treea56c2e75771b31191f671c6ef0eefe418b5c73c0
parent36244c4ddfdf9dc4196dacb2c2f2159609973b20 (diff)
Better logging for openssl, using SSL_print_error_cb() which calls a callback for error output (the default of outputting to stdout sucks)
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6486 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp36
1 files changed, 26 insertions, 10 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 768973d0a..9912f3669 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -53,6 +53,8 @@ char* get_error()
return ERR_error_string(ERR_get_error(), NULL);
}
+static int error_callback(const char *str, size_t len, void *u);
+
/** Represents an SSL user's extra data
*/
class issl_session : public classbase
@@ -115,9 +117,11 @@ class ModuleSSLOpenSSL : public Module
std::string dhfile;
public:
-
+
+ InspIRCd* PublicInstance;
+
ModuleSSLOpenSSL(InspIRCd* Me)
- : Module::Module(Me)
+ : Module::Module(Me), PublicInstance(Me)
{
culllist = new CullList(ServerInstance);
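Review bot: The new public member `PublicInstance` widens the class's public surface only so that the static callback can reach the logger. If `ServerInstance` is the same `InspIRCd*` that `Me` initialises (it appears so from the base-class initialiser, but its declaration is not visible here), the calls could pass it directly as the user pointer, `ERR_print_errors_cb(error_callback, ServerInstance);`, and the callback could cast `u` to `InspIRCd*`. At minimum the member deserves a comment such as `/* Copy of ServerInstance, exposed for error_callback() */`. The constructor body continues outside the hunk.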
@@ -222,21 +226,26 @@ class ModuleSSLOpenSSL : public Module
if (dhfile[0] != '/')
dhfile = confdir + dhfile;
- /* Load our keys and certificates*/
+ /* Load our keys and certificates
+ * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck.
+ */
if ((!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str())) || (!SSL_CTX_use_certificate_chain_file(clictx, certfile.c_str())))
{
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s", certfile.c_str());
+ ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. %s", certfile.c_str(), strerror(errno));
+ ERR_print_errors_cb(error_callback, this);
}
- if ((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM)) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM)))
+ if (((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM)))
{
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read key file %s", keyfile.c_str());
+ ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read key file %s. %s", keyfile.c_str(), strerror(errno));
+ ERR_print_errors_cb(error_callback, this);
}
/* Load the CAs we trust*/
- if ((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0)) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0)))
+ if (((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0)))
{
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read CA list from ", cafile.c_str());
+ ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read CA list from %s. %s", cafile.c_str(), strerror(errno));
+ ERR_print_errors_cb(error_callback, this);
}
FILE* dhpfile = fopen(dhfile.c_str(), "r");
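Review bot: `strerror(errno)` in the three new log calls can print a stale or unrelated message, because the OpenSSL loaders also fail for reasons that never set errno (a malformed PEM, a key that does not match the certificate), and with the `||` either of two calls may be the one that failed. The `ERR_print_errors_cb` output already carries the real cause, so the errno text could be dropped in favour of the wording used for the DH message, e.g. `ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. SSL errors follow:", certfile.c_str());`. Each failure branch only logs and execution carries on to the DH setup, so a context with no certificate, key or CA list stays in use; whether anything later refuses to serve TLS with it is not visible in this hunk. The enclosing function starts and ends outside the hunk.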
@@ -250,10 +259,10 @@ class ModuleSSLOpenSSL : public Module
else
{
ret = PEM_read_DHparams(dhpfile, NULL, NULL, NULL);
-
if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0))
{
- ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters");
+ ServerInstance->Log(DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str());
+ ERR_print_errors_cb(error_callback, this);
}
}
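Review bot: The added log and `ERR_print_errors_cb` call sit behind `SSL_CTX_set_tmp_dh(...) < 0`, but SSL_CTX_set_tmp_dh returns 1 on success and 0 on failure, so this branch is not taken when setting the parameters fails and the new diagnostics stay silent. `ret` from `PEM_read_DHparams` is also handed on without a NULL check in the visible lines, so an unparsable DH file is not reported either. Suggest `if (!ret || (SSL_CTX_set_tmp_dh(ctx, ret) != 1) || (SSL_CTX_set_tmp_dh(clictx, ret) != 1))`. The enclosing block starts outside the hunk.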
@@ -807,6 +816,13 @@ class ModuleSSLOpenSSL : public Module
}
};
+static int error_callback(const char *str, size_t len, void *u)
+{
+ ModuleSSLOpenSSL* mssl = (ModuleSSLOpenSSL*)u;
+ mssl->PublicInstance->Log(DEFAULT, "SSL error: " + std::string(str, len - 1));
+ return 0;
+}
+
class ModuleSSLOpenSSLFactory : public ModuleFactory
{
public:
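Review bot: `error_callback` returns 0, and in OpenSSL releases where ERR_print_errors_cb checks the callback result a value of 0 or less stops the report after the first entry, leaving the rest of the error queue unlogged and undrained; returning 1 keeps it going. `std::string(str, len - 1)` wraps around if `len` is ever 0, so the newline strip should be conditional. The message is also passed as the first argument of `Log`, which the other calls in this commit use as a printf-style format; unless the `std::string` overload (not visible here) bypasses formatting, a `%` in a reported file path or error string would be interpreted, so pass it through `"%s"`. The fence shows the callback with those three changes.

```cpp
static int error_callback(const char *str, size_t len, void *u)
{
	ModuleSSLOpenSSL* mssl = static_cast<ModuleSSLOpenSSL*>(u);
	/* Strip the trailing newline only when one is present; len may be 0 */
	std::string msg(str, len);
	if (!msg.empty() && msg[msg.size() - 1] == '\n')
		msg.erase(msg.size() - 1);
	mssl->PublicInstance->Log(DEFAULT, "SSL error: %s", msg.c_str());
	/* A positive return lets ERR_print_errors_cb continue through the queue */
	return 1;
}
```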