[glib-networking/pgriffis/openssl-error_string] openssl: Replace ERR_error_string with ERR_error_string_n This function is thread-safe.
- From: Patrick Griffis <pgriffis src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/pgriffis/openssl-error_string] openssl: Replace ERR_error_string with ERR_error_string_n This function is thread-safe.
- Date: Mon, 13 Sep 2021 00:03:21 +0000 (UTC)
commit 5bac3f439e660becffb242d98e9db7b695027188
Author: Patrick Griffis <pgriffis igalia com>
Date: Sun Sep 12 19:02:44 2021 -0500
openssl: Replace ERR_error_string with ERR_error_string_n
ERR_error_string_n is thread-safe.
tls/openssl/gtlscertificate-openssl.c | 13 +++++++----
tls/openssl/gtlsclientconnection-openssl.c | 15 +++++++++----
tls/openssl/gtlsdatabase-openssl.c | 4 +++-
tls/openssl/gtlsfiledatabase-openssl.c | 4 +++-
tls/openssl/gtlsserverconnection-openssl.c | 36 +++++++++++++++++++++---------
5 files changed, 52 insertions(+), 20 deletions(-)
---
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index 01ed1773..64d541ba 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -341,6 +341,7 @@ g_tls_certificate_openssl_set_property (GObject *object,
guint8 *data;
BIO *bio;
const char *string;
+ char error_buffer[1024];
switch (prop_id)
{
@@ -356,10 +357,11 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->have_cert = TRUE;
else if (!openssl->construct_error)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse DER certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
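Review bot: `ERR_get_error ()` removes only the earliest entry from the calling thread's OpenSSL error queue, so in this DER-certificate branch any further entries pushed by the failed parse are left behind once the message is formatted. OpenSSL documents that the queue should be empty before a TLS I/O call for `SSL_get_error ()` to be reliable, so leftovers could later surface as an unrelated failure on the same thread; whether another code path clears the queue first is not visible here. Adding `ERR_clear_error ();` directly after the `ERR_error_string_n (...)` call would close that gap. The same applies to the PEM-certificate and both private-key branches below, and to the matching hunks in the connection and database files. The enclosing `switch` in `g_tls_certificate_openssl_set_property` begins and ends outside this hunk.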
@@ -376,10 +378,11 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->have_cert = TRUE;
else if (!openssl->construct_error)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
@@ -395,10 +398,11 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->have_key = TRUE;
else if (!openssl->construct_error)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse DER private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
@@ -414,10 +418,11 @@ g_tls_certificate_openssl_set_property (GObject *object,
openssl->have_key = TRUE;
else if (!openssl->construct_error)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
openssl->construct_error =
g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("Could not parse PEM private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
}
break;
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 50f67ef2..d92978a0 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -373,9 +373,11 @@ set_cipher_list (GTlsClientConnectionOpenssl *client,
{
if (!SSL_CTX_set_cipher_list (client->ssl_ctx, cipher_list))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not set TLS cipher list: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
}
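Review bot: The buffer size is a bare `1024` repeated at every call site, and the declaration is block-scoped here and in `set_max_protocol` but function-scoped in the `initable_init`, `ssl_set_certificate` and certificate hunks. A single named constant shared by the five files (name to be chosen by the project), used as `char error_buffer[<SIZE_CONSTANT>];`, would keep the sizes from drifting apart. Declaring the buffer in the failing branch everywhere, as done here, would also keep its scope as narrow as its use. `ERR_error_string_n` truncates silently to the given length, which is acceptable for a diagnostic string but worth a short comment next to the constant.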
@@ -399,9 +401,11 @@ set_max_protocol (GTlsClientConnectionOpenssl *client,
{
if (!SSL_CTX_set_max_proto_version (client->ssl_ctx, (int)version))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not set MAX protocol to %d: %s"),
- (int)version, ERR_error_string (ERR_get_error (), NULL));
+ (int)version, error_buffer);
return FALSE;
}
}
@@ -447,6 +451,7 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
long options;
const char *hostname;
+ char error_buffer[1024];
client->session = SSL_SESSION_new ();
@@ -460,9 +465,10 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
#endif
if (!client->ssl_ctx)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
@@ -512,9 +518,10 @@ g_tls_client_connection_openssl_initable_init (GInitable *initable,
client->ssl = SSL_new (client->ssl_ctx);
if (!client->ssl)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS connection: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
diff --git a/tls/openssl/gtlsdatabase-openssl.c b/tls/openssl/gtlsdatabase-openssl.c
index bb42ef05..7ce0e7d6 100644
--- a/tls/openssl/gtlsdatabase-openssl.c
+++ b/tls/openssl/gtlsdatabase-openssl.c
@@ -225,9 +225,11 @@ g_tls_database_openssl_populate_trust_list (GTlsDatabaseOpenssl *self,
if (!X509_STORE_set_default_paths (store))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Failed to load system trust store: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
index 87879b5f..b1c6840d 100644
--- a/tls/openssl/gtlsfiledatabase-openssl.c
+++ b/tls/openssl/gtlsfiledatabase-openssl.c
@@ -450,10 +450,12 @@ g_tls_file_database_openssl_populate_trust_list (GTlsDatabaseOpenssl *self,
if (!X509_STORE_load_locations (store, file_database->anchor_filename, NULL))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Failed to populate trust list from %s: %s"),
file_database->anchor_filename,
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a9958fd5..41a12a93 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -162,6 +162,7 @@ ssl_set_certificate (SSL *ssl,
EVP_PKEY *key;
X509 *x;
GTlsCertificate *issuer;
+ char error_buffer[1024];
key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
@@ -178,23 +179,28 @@ ssl_set_certificate (SSL *ssl,
x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
if (SSL_use_certificate (ssl, x) <= 0)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("There is a problem with the certificate: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
if (SSL_use_PrivateKey (ssl, key) <= 0)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
_("There is a problem with the certificate private key: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
if (SSL_clear_chain_certs (ssl) == 0)
- g_warning ("There was a problem clearing the chain certificates: %s",
- ERR_error_string (ERR_get_error (), NULL));
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_warning ("There was a problem clearing the chain certificates: %s",
+ error_buffer);
+ }
/* Add all the issuers to create the full certificate chain */
for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
@@ -209,8 +215,11 @@ ssl_set_certificate (SSL *ssl,
* will take the ownership
*/
if (SSL_add1_chain_cert (ssl, issuer_x) == 0)
- g_warning ("There was a problem adding the chain certificate: %s",
- ERR_error_string (ERR_get_error (), NULL));
+ {
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+ g_warning ("There was a problem adding the chain certificate: %s",
+ error_buffer);
+ }
}
return TRUE;
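Review bot: A failed `SSL_add1_chain_cert ()` is still only reported with `g_warning`, and control falls through to `return TRUE`, so the caller is told the certificate was installed even though an issuer is missing from the chain the server will present. Clients that do not already hold that intermediate would then fail verification, and the cause would be visible only in the log. If best-effort is intended, say so in a comment such as `/* Chain building is best-effort: a missing issuer is logged, not fatal */`; otherwise report it with `g_set_error (...)` and `return FALSE`, as the `SSL_use_certificate` branch in the previous hunk does. The same question applies to the `SSL_clear_chain_certs` warning in that hunk. The issuer loop begins outside this hunk.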
@@ -284,9 +293,11 @@ set_cipher_list (GTlsServerConnectionOpenssl *server,
{
if (!SSL_CTX_set_cipher_list (server->ssl_ctx, cipher_list))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not set TLS cipher list: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
}
@@ -310,9 +321,11 @@ set_max_protocol (GTlsServerConnectionOpenssl *server,
{
if (!SSL_CTX_set_max_proto_version (server->ssl_ctx, (int)version))
{
+ char error_buffer[1024];
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not set MAX protocol to %d: %s"),
- (int)version, ERR_error_string (ERR_get_error (), NULL));
+ (int)version, error_buffer);
return FALSE;
}
}
@@ -358,6 +371,7 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
GTlsCertificate *cert;
long options;
+ char error_buffer[1024];
server->session = SSL_SESSION_new ();
@@ -371,9 +385,10 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
#endif
if (!server->ssl_ctx)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS context: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}
@@ -436,9 +451,10 @@ g_tls_server_connection_openssl_initable_init (GInitable *initable,
server->ssl = SSL_new (server->ssl_ctx);
if (!server->ssl)
{
+ ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
_("Could not create TLS connection: %s"),
- ERR_error_string (ERR_get_error (), NULL));
+ error_buffer);
return FALSE;
}