[glib-networking/pgriffis/openssl-error_string] openssl: Replace ERR_error_string with ERR_error_string_n This function is thread-safe.




commit 5bac3f439e660becffb242d98e9db7b695027188
Author: Patrick Griffis <pgriffis igalia com>
Date:   Sun Sep 12 19:02:44 2021 -0500

    openssl: Replace ERR_error_string with ERR_error_string_n
    ERR_error_string_n is thread-safe.

 tls/openssl/gtlscertificate-openssl.c      | 13 +++++++----
 tls/openssl/gtlsclientconnection-openssl.c | 15 +++++++++----
 tls/openssl/gtlsdatabase-openssl.c         |  4 +++-
 tls/openssl/gtlsfiledatabase-openssl.c     |  4 +++-
 tls/openssl/gtlsserverconnection-openssl.c | 36 +++++++++++++++++++++---------
 5 files changed, 52 insertions(+), 20 deletions(-)
---
diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index 01ed1773..64d541ba 100644
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -341,6 +341,7 @@ g_tls_certificate_openssl_set_property (GObject      *object,
   guint8 *data;
   BIO *bio;
   const char *string;
+  char error_buffer[1024];
 
   switch (prop_id)
     {
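Review bot: `char error_buffer[1024];` introduces an unexplained size literal at function scope of `g_tls_certificate_openssl_set_property`, and the same literal recurs at every other call site in this commit, sometimes at function scope and sometimes inside the failing branch. ERR_error_string_n truncates to the length it is given, so the size only bounds the message length (OpenSSL's documentation asks for at least 256 bytes for the ERR_error_string buffer). A short comment at the declaration, such as `/* ERR_error_string_n truncates to fit; 256 bytes is the documented minimum for one error line */`, or one named size constant shared by the five files, would record why 1024 was chosen and keep the sites consistent. The function body starts and ends outside this hunk.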
@@ -356,10 +357,11 @@ g_tls_certificate_openssl_set_property (GObject      *object,
         openssl->have_cert = TRUE;
       else if (!openssl->construct_error)
         {
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           openssl->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse DER certificate: %s"),
-                         ERR_error_string (ERR_get_error (), NULL));
+                         error_buffer);
         }
 
       break;
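Review bot: `ERR_get_error ()` removes only the earliest entry from the calling thread's error queue, so if the failed parse queued more than one entry the rest are still there after `construct_error` is set. OpenSSL documents that the queue must be empty before a TLS I/O call for `SSL_get_error` to be reliable, so a leftover entry could be misattributed to a later operation on the same thread unless the connection code clears the queue itself, which is not visible in this diff. Consider adding `ERR_clear_error ();` right after the `ERR_error_string_n (...)` call. The same applies to the other call sites this commit touches, notably the two `g_warning` paths in `ssl_set_certificate`, which carry on using the SSL object. The enclosing switch case begins outside the hunk.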
@@ -376,10 +378,11 @@ g_tls_certificate_openssl_set_property (GObject      *object,
         openssl->have_cert = TRUE;
       else if (!openssl->construct_error)
         {
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           openssl->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse PEM certificate: %s"),
-                         ERR_error_string (ERR_get_error (), NULL));
+                         error_buffer);
         }
       break;
 
@@ -395,10 +398,11 @@ g_tls_certificate_openssl_set_property (GObject      *object,
         openssl->have_key = TRUE;
       else if (!openssl->construct_error)
         {
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           openssl->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse DER private key: %s"),
-                         ERR_error_string (ERR_get_error (), NULL));
+                         error_buffer);
         }
       break;
 
@@ -414,10 +418,11 @@ g_tls_certificate_openssl_set_property (GObject      *object,
         openssl->have_key = TRUE;
       else if (!openssl->construct_error)
         {
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           openssl->construct_error =
             g_error_new (G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                          _("Could not parse PEM private key: %s"),
-                         ERR_error_string (ERR_get_error (), NULL));
+                         error_buffer);
         }
       break;
 
diff --git a/tls/openssl/gtlsclientconnection-openssl.c b/tls/openssl/gtlsclientconnection-openssl.c
index 50f67ef2..d92978a0 100644
--- a/tls/openssl/gtlsclientconnection-openssl.c
+++ b/tls/openssl/gtlsclientconnection-openssl.c
@@ -373,9 +373,11 @@ set_cipher_list (GTlsClientConnectionOpenssl  *client,
     {
       if (!SSL_CTX_set_cipher_list (client->ssl_ctx, cipher_list))
         {
+          char error_buffer[1024];
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                        _("Could not set TLS cipher list: %s"),
-                       ERR_error_string (ERR_get_error (), NULL));
+                       error_buffer);
           return FALSE;
         }
     }
@@ -399,9 +401,11 @@ set_max_protocol (GTlsClientConnectionOpenssl  *client,
         {
           if (!SSL_CTX_set_max_proto_version (client->ssl_ctx, (int)version))
             {
+              char error_buffer[1024];
+              ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
               g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                            _("Could not set MAX protocol to %d: %s"),
-                           (int)version, ERR_error_string (ERR_get_error (), NULL));
+                           (int)version, error_buffer);
               return FALSE;
             }
         }
@@ -447,6 +451,7 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   GTlsClientConnectionOpenssl *client = G_TLS_CLIENT_CONNECTION_OPENSSL (initable);
   long options;
   const char *hostname;
+  char error_buffer[1024];
 
   client->session = SSL_SESSION_new ();
 
@@ -460,9 +465,10 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
 #endif
   if (!client->ssl_ctx)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Could not create TLS context: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
@@ -512,9 +518,10 @@ g_tls_client_connection_openssl_initable_init (GInitable       *initable,
   client->ssl = SSL_new (client->ssl_ctx);
   if (!client->ssl)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Could not create TLS connection: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
diff --git a/tls/openssl/gtlsdatabase-openssl.c b/tls/openssl/gtlsdatabase-openssl.c
index bb42ef05..7ce0e7d6 100644
--- a/tls/openssl/gtlsdatabase-openssl.c
+++ b/tls/openssl/gtlsdatabase-openssl.c
@@ -225,9 +225,11 @@ g_tls_database_openssl_populate_trust_list (GTlsDatabaseOpenssl  *self,
 
   if (!X509_STORE_set_default_paths (store))
     {
+      char error_buffer[1024];
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Failed to load system trust store: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
diff --git a/tls/openssl/gtlsfiledatabase-openssl.c b/tls/openssl/gtlsfiledatabase-openssl.c
index 87879b5f..b1c6840d 100644
--- a/tls/openssl/gtlsfiledatabase-openssl.c
+++ b/tls/openssl/gtlsfiledatabase-openssl.c
@@ -450,10 +450,12 @@ g_tls_file_database_openssl_populate_trust_list (GTlsDatabaseOpenssl  *self,
 
   if (!X509_STORE_load_locations (store, file_database->anchor_filename, NULL))
     {
+      char error_buffer[1024];
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Failed to populate trust list from %s: %s"),
                    file_database->anchor_filename,
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
diff --git a/tls/openssl/gtlsserverconnection-openssl.c b/tls/openssl/gtlsserverconnection-openssl.c
index a9958fd5..41a12a93 100644
--- a/tls/openssl/gtlsserverconnection-openssl.c
+++ b/tls/openssl/gtlsserverconnection-openssl.c
@@ -162,6 +162,7 @@ ssl_set_certificate (SSL              *ssl,
   EVP_PKEY *key;
   X509 *x;
   GTlsCertificate *issuer;
+  char error_buffer[1024];
 
   key = g_tls_certificate_openssl_get_key (G_TLS_CERTIFICATE_OPENSSL (cert));
 
@@ -178,23 +179,28 @@ ssl_set_certificate (SSL              *ssl,
   x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (cert));
   if (SSL_use_certificate (ssl, x) <= 0)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                    _("There is a problem with the certificate: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
   if (SSL_use_PrivateKey (ssl, key) <= 0)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
                    _("There is a problem with the certificate private key: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
   if (SSL_clear_chain_certs (ssl) == 0)
-    g_warning ("There was a problem clearing the chain certificates: %s",
-               ERR_error_string (ERR_get_error (), NULL));
+    {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+      g_warning ("There was a problem clearing the chain certificates: %s",
+                 error_buffer);
+    }
 
   /* Add all the issuers to create the full certificate chain */
   for (issuer = g_tls_certificate_get_issuer (G_TLS_CERTIFICATE (cert));
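Review bot: A failure of `SSL_clear_chain_certs` here, and of `SSL_add1_chain_cert` in the next hunk, is only logged with `g_warning`, and `ssl_set_certificate` still reaches `return TRUE`, so the caller cannot tell that the server may go on to present an incomplete or previously configured chain. If that is deliberate, a comment above each check such as `/* Non-fatal: the leaf certificate and key are already set, continue without the full chain */` would say so. Otherwise these paths should report through `g_set_error (...)` and `return FALSE;` like the `SSL_use_certificate` and `SSL_use_PrivateKey` checks above them. The loop body continues outside this hunk.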
@@ -209,8 +215,11 @@ ssl_set_certificate (SSL              *ssl,
        * will take the ownership
        */
       if (SSL_add1_chain_cert (ssl, issuer_x) == 0)
-        g_warning ("There was a problem adding the chain certificate: %s",
-                   ERR_error_string (ERR_get_error (), NULL));
+        {
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
+          g_warning ("There was a problem adding the chain certificate: %s",
+                     error_buffer);
+        }
     }
 
   return TRUE;
@@ -284,9 +293,11 @@ set_cipher_list (GTlsServerConnectionOpenssl  *server,
     {
       if (!SSL_CTX_set_cipher_list (server->ssl_ctx, cipher_list))
         {
+          char error_buffer[1024];
+          ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
           g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                        _("Could not set TLS cipher list: %s"),
-                       ERR_error_string (ERR_get_error (), NULL));
+                       error_buffer);
           return FALSE;
         }
     }
@@ -310,9 +321,11 @@ set_max_protocol (GTlsServerConnectionOpenssl  *server,
         {
           if (!SSL_CTX_set_max_proto_version (server->ssl_ctx, (int)version))
             {
+              char error_buffer[1024];
+              ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
               g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                            _("Could not set MAX protocol to %d: %s"),
-                           (int)version, ERR_error_string (ERR_get_error (), NULL));
+                           (int)version, error_buffer);
               return FALSE;
             }
         }
@@ -358,6 +371,7 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
   GTlsServerConnectionOpenssl *server = G_TLS_SERVER_CONNECTION_OPENSSL (initable);
   GTlsCertificate *cert;
   long options;
+  char error_buffer[1024];
 
   server->session = SSL_SESSION_new ();
 
@@ -371,9 +385,10 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
 #endif
   if (!server->ssl_ctx)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Could not create TLS context: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 
@@ -436,9 +451,10 @@ g_tls_server_connection_openssl_initable_init (GInitable       *initable,
   server->ssl = SSL_new (server->ssl_ctx);
   if (!server->ssl)
     {
+      ERR_error_string_n (ERR_get_error (), error_buffer, sizeof (error_buffer));
       g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC,
                    _("Could not create TLS connection: %s"),
-                   ERR_error_string (ERR_get_error (), NULL));
+                   error_buffer);
       return FALSE;
     }
 

