On Tue, May 16, 2023 at 02:51:44PM +0200, Omar Polo wrote:
> while debugging a pebkac in -portable, I noticed that in various
> places we use fatal() for libtls failures. errno doesn't generally
> contains anything useful after libtls functions, and in most it's
> explicitly cleared to avoid misuse.
>
> just to provide a quick example, with `listen on ... ciphers foobar':
>
> % doas smtpd -d
> info: OpenSMTPD 7.0.0 starting
> dispatcher: no ciphers for 'foobar': No such file or directory
> smtpd: process dispatcher socket closed
>
> So change most of them to fatalx which doesn't append errno. While
> here I'm also logging the actual error, via tls_config_error() or
> tls_error(), that before was missing.
>
> tls_config_new(), tls_server() and tls_client() failures are still
> logged with fatal(), which I believe it's correct.
>
> ok?
>
make sense, ok giovanni@
Cheers
Giovanni
