Sean,

> All previously handled errors related to the OpenSSL engine are now
> handled with a macro and a small static function in order to both
> produce more informative errors as well as commonize some duplicate
> code in pool_ssl.c

Thanks for the patches. However, the following fragment does not apply
cleanly. Could you please regenerate the patches against CVS HEAD, or
provide them in a different patch style?
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

-------------------------------------------------------------
***************
*** 145,171 ****
                if (strlen(pool_config->ssl_ca_cert_dir))
                        cacert_dir = pool_config->ssl_ca_cert_dir;
      
-               if ( (!error) && (cacert || cacert_dir) ) {
-                       if (! SSL_CTX_load_verify_locations(cp->ssl_ctx, 
cacert, cacert_dir)) {
-                               pool_error("pool_ssl: SSL CA load error: %ld", 
ERR_get_error());   
-                               error = -1;
-                       } else {
-                               SSL_CTX_set_verify(cp->ssl_ctx, 
SSL_VERIFY_PEER, NULL);
-                       }
                }
- 
        }
  
-       if (! error) {
-               cp->ssl = SSL_new(cp->ssl_ctx);
-               if (! cp->ssl) {
-                       pool_error("pool_ssl: SSL_new failed: %ld", 
ERR_get_error());
-                       error = -1;
-               }
        }
  
-       return error;
  }
  
  #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
- - 
--- 152,189 ----
                if (strlen(pool_config->ssl_ca_cert_dir))
                        cacert_dir = pool_config->ssl_ca_cert_dir;
      
+               if ( cacert || cacert_dir ) {
+                       error = (!SSL_CTX_load_verify_locations(cp->ssl_ctx,
+                                                               cacert,
+                                                               cacert_dir));
+                       SSL_RETURN_ERROR_IF(error, "SSL verification setup");
+                       SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL);
                }
        }
  
+       cp->ssl = SSL_new(cp->ssl_ctx);
+       SSL_RETURN_ERROR_IF( (! cp->ssl), "SSL_new");
+ 
+       return 0;
+ }
+ 
+ static void perror_ssl(const char *context) {
+       unsigned long err;
+       static const char *no_err_reason = "no SSL error reported";
+       const char *reason;
+ 
+       err = ERR_get_error();
+       if (! err) {
+               reason = no_err_reason;
+       } else {
+               reason = ERR_reason_error_string(err);
        }
  
+       if (reason != NULL) {
+               pool_error("pool_ssl: %s: %s", context, reason);
+       } else {
+               pool_error("pool_ssl: %s: Unknown SSL error %lu", context, err);
+       }
  }
  
  #else /* USE_SSL: wrap / no-op ssl functionality if it's not available */
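Review bot: perror_ssl() pops only the oldest entry with its single `ERR_get_error()` call, so any further entries pushed by the failed call stay in the thread's OpenSSL error queue, where they can be attributed to a later operation and make `SSL_get_error()` unreliable. After logging, empty the queue with `ERR_clear_error();`, or loop on `ERR_get_error()` and log every entry so the root cause is not lost. As far as this hunk shows, `SSL_CTX_set_verify(cp->ssl_ctx, SSL_VERIFY_PEER, NULL)` runs only inside `if ( cacert || cacert_dir )`, so that branch deserves a comment such as `/* no CA file or directory configured: peer certificate is not verified */`. The enclosing init function starts outside the hunk and SSL_RETURN_ERROR_IF is defined elsewhere, so whether the early return releases `cp->ssl_ctx` cannot be checked from here.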