author | Michael Kaufmann <mail@michael-kaufmann.ch> | 2016-05-31 16:25:56 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-05-31 19:52:45 +0200 |
commit | 7108e53fb58a194df54149e3a52c7df006f24ae7 (patch) | |
tree | 857b47b6487702d35d9a886ed8c61124342c2f72 | |
parent | 6dbc23cfd86bbf8c1616759068a5909ced3dcc99 (diff) |
openssl: Use correct buffer sizes for error messages
Closes #844
-rw-r--r-- | lib/vtls/openssl.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 592bea5ff..fc1517864 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -930,8 +930,8 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) int retval = 0; struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct SessionHandle *data = conn->data; - char buf[120]; /* We will use this for the OpenSSL error buffer, so it has - to be at least 120 bytes long. */ + char buf[256]; /* We will use this for the OpenSSL error buffer, so it has + to be at least 256 bytes long. */ unsigned long sslerror; ssize_t nread; int buffsize; @@ -980,7 +980,7 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex) /* openssl/ssl.h says "look at error stack/return value/errno" */ sslerror = ERR_get_error(); failf(conn->data, OSSL_PACKAGE " SSL read: %s, errno %d", - ERR_error_string(sslerror, buf), + SSL_strerror(sslerror, buf, sizeof(buf)), SOCKERRNO); done = 1; break; @@ -3012,7 +3012,7 @@ static ssize_t ossl_send(struct connectdata *conn, /* SSL_write() is said to return 'int' while write() and send() returns 'size_t' */ int err; - char error_buffer[120]; /* OpenSSL documents that this must be at least 120 + char error_buffer[256]; /* OpenSSL documents that this must be at least 256 bytes long. */ unsigned long sslerror; int memlen; @@ -3044,7 +3044,7 @@ static ssize_t ossl_send(struct connectdata *conn, The OpenSSL error queue contains more information on the error. */ sslerror = ERR_get_error(); failf(conn->data, "SSL_write() error: %s", - ERR_error_string(sslerror, error_buffer)); + SSL_strerror(sslerror, error_buffer, sizeof(error_buffer))); *curlcode = CURLE_SEND_ERROR; return -1; } 
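Review bot: The rewritten comments on `buf` in Curl_ossl_shutdown and on `error_buffer` in ossl_send (and in ossl_recv in the later hunk) still state a hard minimum size, now 256, although the call sites changed by this same commit pass `sizeof(...)` to `SSL_strerror`. If that helper is bounded by the size it receives, the number is no longer a memory-safety precondition, as it was for the unbounded `ERR_error_string(sslerror, buf)`, but only a guard against truncated messages. I would say so in the comment, e.g. `/* OpenSSL error string buffer; SSL_strerror() is bounded by sizeof(buf), 256 bytes avoids truncation */`. The literal 256 is also repeated in three functions, and a single named constant would keep the declarations from drifting apart. SSL_strerror's definition is outside these hunks, so its bounded behaviour should be confirmed there.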
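Review bot: `SSL_strerror`, called here in Curl_ossl_shutdown and again in the ossl_send and ossl_recv hunks, borrows OpenSSL's own `SSL_` prefix. As far as I know OpenSSL exports no function by that name, so it is presumably a helper local to this file; its definition is not in the hunks shown. A local helper in the library's namespace can collide with a symbol that a later OpenSSL release or a fork adds, and it reads like a library call to anyone auditing the error path. A name following the file's own `ossl_` convention, such as `ossl_strerror(sslerror, buf, sizeof(buf))`, would avoid both problems. The helper should also carry a one-line comment stating that it always NUL-terminates within the size it is given.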
@@ -3063,8 +3063,8 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ size_t buffersize, /* max amount to read */ CURLcode *curlcode) { - char error_buffer[120]; /* OpenSSL documents that this must be at - least 120 bytes long. */ + char error_buffer[256]; /* OpenSSL documents that this must be at + least 256 bytes long. */ unsigned long sslerror; ssize_t nread; int buffsize; @@ -3095,7 +3095,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ /* If the return code was negative or there actually is an error in the queue */ failf(conn->data, "SSL read: %s, errno %d", - ERR_error_string(sslerror, error_buffer), + SSL_strerror(sslerror, error_buffer, sizeof(error_buffer)), SOCKERRNO); *curlcode = CURLE_RECV_ERROR; return -1; |