| author | Daniel Stenberg <daniel@haxx.se> | 2003-02-04 12:29:57 +0000 | 
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2003-02-04 12:29:57 +0000 | 
| commit | 5d28f3781bdcdc23e1a8c010f8a37de094a9d005 (patch) | |
| tree | bc7cd40c97babc792a8f69630530c99ee1fcd25b /lib | |
| parent | 10026bb62ebb7ecdfcfcc5bf7538361212ec8df2 (diff) | |
Improved error reporting in case of bad SSL_connect()s, and we also no
longer use the SSL functions that store the error message in a static buffer
since that is not very multi-thread friendly.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ssluse.c | 29 | 
1 files changed, 18 insertions, 11 deletions
| diff --git a/lib/ssluse.c b/lib/ssluse.c
index d1a0f3f53..c70b75145 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -719,6 +719,7 @@ Curl_SSLConnect(struct connectdata *conn)
 #ifdef USE_SSLEAY
   struct SessionHandle *data = conn->data;
   int err;
+  int what=0;
   char * str;
   SSL_METHOD *req_method;
   SSL_SESSION *ssl_sessionid=NULL;
@@ -816,7 +817,6 @@ Curl_SSLConnect(struct connectdata *conn)
   SSL_set_fd(conn->ssl.handle, conn->firstsocket);
   do {
-    int what;
     fd_set writefd;
     fd_set readfd;
     struct timeval interval;
@@ -824,17 +824,21 @@ Curl_SSLConnect(struct connectdata *conn)
     err = SSL_connect(conn->ssl.handle);
-    what = SSL_get_error(conn->ssl.handle, err);
-
     FD_ZERO(&writefd);
     FD_ZERO(&readfd);
-    if(SSL_ERROR_WANT_READ == what)
-      FD_SET(conn->firstsocket, &readfd);
-    else if(SSL_ERROR_WANT_WRITE == what)
-      FD_SET(conn->firstsocket, &writefd);
-    else
-      break; /* untreated error */
+    if(1 != err) {
+      /* anything besides 1 returned fom SSL_connect() is not OK */
+
+      what = SSL_get_error(conn->ssl.handle, err);
+
+      if(SSL_ERROR_WANT_READ == what)
+        FD_SET(conn->firstsocket, &readfd);
+      else if(SSL_ERROR_WANT_WRITE == what)
+        FD_SET(conn->firstsocket, &writefd);
+      else
+        break; /* untreated error */
+    }
     /* Find out if any timeout is set. If not, use 300 seconds.
        Otherwise, figure out the most strict timeout of the two possible one
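Review bot: The new `if(1 != err)` block in the `do` loop has no visible exit for the success case: when `SSL_connect()` returns 1 the block is skipped, the socket is added to neither `readfd` nor `writefd`, and control falls through to the timeout code below. Unless the part of the loop after this hunk tests `err` again, a completed handshake would then wait on two empty fd sets; an explicit `else break; /* handshake complete */` after the closing brace would make the exit unambiguous. The loop body continues outside the hunk, so the select handling cannot be checked from here. Since `what` is now function-scoped and read by the error path further down, it is also worth confirming that nothing later in the loop reuses it for another value.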
@@ -892,8 +896,11 @@ Curl_SSLConnect(struct connectdata *conn)
      0  is "not successful but was shut down controlled"
      <0 is "handshake was not successful, because a fatal error occurred" */
   if (err <= 0) {
-    err = ERR_get_error();
-    failf(data, "SSL: %s", ERR_error_string(err, NULL));
+    char error_buffer[120]; /* OpenSSL documents that this must be at least
+                               120 bytes long. */
+
+    /* what is already set to the SSL error before */
+    failf(data, "SSL: %s", ERR_error_string(what, error_buffer));
     return CURLE_SSL_CONNECT_ERROR;
   } |
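Review bot: `ERR_error_string(what, error_buffer)` is handed the wrong kind of value: `what` comes from `SSL_get_error()`, which returns an `SSL_ERROR_*` class code, while `ERR_error_string()` decodes a packed error-queue code as returned by `ERR_get_error()`. The resulting message will not name the library and reason behind the failed handshake (a certificate verification failure, for instance), which is the detail needed when triaging a refused TLS connection. Keep the caller-supplied buffer, which is the thread-safety gain here, but fill it from the queue: `unsigned long sslerr = ERR_get_error();` followed by `failf(data, "SSL: %s", ERR_error_string(sslerr, error_buffer));`. Where the supported OpenSSL versions provide it, `ERR_error_string_n(sslerr, error_buffer, sizeof(error_buffer))` bounds the write explicitly. `what` also remains 0 if this path is reached without the `1 != err` branch having run; the rest of the function is outside the hunk, so that cannot be ruled out from here.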
