diff options
| author | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-02-03 23:44:35 +0000 |
|---|---|---|
| committer | brain <brain@e03df62e-2008-0410-955e-edbf42e46eb7> | 2007-02-03 23:44:35 +0000 |
| commit | 0373c41ebd98c29ccaf71564c6ad23000189230d (patch) | |
| tree | 8c36a69d8e5ddcb2a919dc8d3272f5c42cc0347f /src/modules/extra | |
| parent | 69ee4628395f3493e2121b0458c298f253933be9 (diff) | |
Better error reporting of failures to read certs in gnutls by calling gnutls_strerror(). Man this api is so much nicer than the ugly one in ssl :)
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6487 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/extra')
| -rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 4ccf197cc..04153dc3c 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -192,15 +192,17 @@ class ModuleSSLGnuTLS : public Module if(keyfile[0] != '/') keyfile = confdir + keyfile; - if(gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM) < 0) - ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file: %s", cafile.c_str()); - - if(gnutls_certificate_set_x509_crl_file (x509_cred, crlfile.c_str(), GNUTLS_X509_FMT_PEM) < 0) - ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 CRL file: %s", crlfile.c_str()); - + int ret; + + if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) + ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret)); + + if((ret = gnutls_certificate_set_x509_crl_file (x509_cred, crlfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) + ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 CRL file '%s': %s", crlfile.c_str(), gnutls_strerror(ret)); + // Guessing on the return value of this, manual doesn't say :| - if(gnutls_certificate_set_x509_key_file (x509_cred, certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM) < 0) - ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 certificate and key files: %s and %s", certfile.c_str(), keyfile.c_str()); + if((ret = gnutls_certificate_set_x509_key_file (x509_cred, certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) + ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to set X.509 certificate and key files '%s' and '%s': %s", certfile.c_str(), keyfile.c_str(), gnutls_strerror(ret)); // This may be on a large (once a day or week) timer eventually. GenerateDHParams(); @@ -215,8 +217,10 @@ class ModuleSSLGnuTLS : public Module // once a day, once a week or once a month. Depending on the // security requirements. - if(gnutls_dh_params_generate2(dh_params, dh_bits) < 0) - ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to generate DH parameters (%d bits)", dh_bits); + int ret; + + if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0) + ServerInstance->Log(DEFAULT, "m_ssl_gnutls.so: Failed to generate DH parameters (%d bits): %s", dh_bits, gnutls_strerror(ret)); } virtual ~ModuleSSLGnuTLS() |