ok Alexander Bluhm([email protected]) on 2016.08.29 21:37:00 +0200:
> Hi,
>
> Add more information into syslogd tls config error messages.
>
> ok?
>
> bluhm
>
> Index: usr.sbin/syslogd/syslogd.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
> retrieving revision 1.211
> diff -u -p -r1.211 syslogd.c
> --- usr.sbin/syslogd/syslogd.c 17 Aug 2016 12:18:29 -0000 1.211
> +++ usr.sbin/syslogd/syslogd.c 22 Aug 2016 17:08:56 -0000
> @@ -327,6 +327,7 @@ void logevent(int, const char *);
> void logerror(const char *);
> void logerrorx(const char *);
> void logerrorctx(const char *, struct tls *);
> +void logerrortlsconf(const char *, struct tls_config *);
> void logerror_reason(const char *, const char *);
> void logmsg(int, char *, char *, int);
> struct filed *find_dup(struct filed *);
> @@ -564,22 +565,25 @@ main(int argc, char *argv[])
> } else {
> if (tls_config_set_ca_file(client_config,
> CAfile) == -1) {
> + logerrortlsconf("Load client TLS CA failed",
> + client_config);
> /* avoid reading default certs in chroot */
> tls_config_set_ca_mem(client_config, "", 0);
> - logerror("load client TLS CA failed");
> } else
> logdebug("CAfile %s\n", CAfile);
> }
> if (ClientCertfile && ClientKeyfile) {
> if (tls_config_set_cert_file(client_config,
> ClientCertfile) == -1)
> - logerror("load client TLS cert failed");
> + logerrortlsconf("Load client TLS cert failed",
> + client_config);
> else
> logdebug("ClientCertfile %s\n", ClientCertfile);
>
> if (tls_config_set_key_file(client_config,
> ClientKeyfile) == -1)
> - logerror("load client TLS key failed");
> + logerrortlsconf("Load client TLS key failed",
> + client_config);
> else
> logdebug("ClientKeyfile %s\n", ClientKeyfile);
> } else if (ClientCertfile || ClientKeyfile) {
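Review bot: In the CA branch the new `logerrortlsconf("Load client TLS CA failed", client_config)` is deliberately placed before `tls_config_set_ca_mem(client_config, "", 0)`, but nothing in the hunk says why, and a later cleanup could easily move it back next to the existing comment. The ordering matters if the ca_mem reset replaces the error string that the failed `tls_config_set_ca_file` recorded on the config, which seems to be the reason for moving it (that behaviour of libtls is not visible here and should be confirmed). A one-line comment would pin the intent, e.g. `/* log before the ca_mem reset below, which may replace the config error */`. The enclosing main() starts and ends outside this hunk.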
> @@ -587,7 +591,8 @@ main(int argc, char *argv[])
> }
> tls_config_set_protocols(client_config, TLS_PROTOCOLS_ALL);
> if (tls_config_set_ciphers(client_config, "all") != 0)
> - logerror("tls set client ciphers");
> + logerrortlsconf("Set client TLS ciphers failed",
> + client_config);
> }
> if (server_config && server_ctx) {
> const char *names[2];
> @@ -600,8 +605,9 @@ main(int argc, char *argv[])
> == -1)
> continue;
> if (tls_config_set_key_file(server_config, p) == -1) {
> + logerrortlsconf("Load server TLS key failed",
> + server_config);
> free(p);
> - logerrorx("tls_config_set_key_file");
> continue;
> }
> logdebug("Keyfile %s\n", p);
> @@ -609,8 +615,9 @@ main(int argc, char *argv[])
> if (asprintf(&p, "/etc/ssl/%s.crt", names[i]) == -1)
> continue;
> if (tls_config_set_cert_file(server_config, p) == -1) {
> + logerrortlsconf("Load server TLS cert failed",
> + server_config);
> free(p);
> - logerrorx("tls_config_set_cert_file");
> continue;
> }
> logdebug("Certfile %s\n", p);
> @@ -620,9 +627,10 @@ main(int argc, char *argv[])
>
> tls_config_set_protocols(server_config, TLS_PROTOCOLS_ALL);
> if (tls_config_set_ciphers(server_config, "compat") != 0)
> - logerror("tls set server ciphers");
> + logerrortlsconf("Set server TLS ciphers failed",
> + server_config);
> if (tls_configure(server_ctx, server_config) != 0) {
> - logerrorx("tls_configure server");
> + logerrorctx("tls_configure server", server_ctx);
> tls_free(server_ctx);
> server_ctx = NULL;
> close(fd_tls);
> @@ -2061,6 +2069,12 @@ void
> logerrorctx(const char *message, struct tls *ctx)
> {
> logerror_reason(message, ctx ? tls_error(ctx) : NULL);
> +}
> +
> +void
> +logerrortlsconf(const char *message, struct tls_config *config)
> +{
> + logerror_reason(message, config ? tls_config_error(config) : NULL);
> }
>
> void
>
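Review bot: In the server key loop the failure line now carries only the fixed message plus whatever `tls_config_error(server_config)` returns, and the candidate path `p` is freed immediately after; if the libtls error text does not already name the file, the operator cannot tell which of the `names[]` candidates failed, whereas the success path still reports it through `logdebug("Keyfile %s\n", p)`. The same applies to the cert loop in the next hunk. Worth confirming the libtls text includes the path, or otherwise recording it, e.g. `logdebug("Keyfile %s failed\n", p);` before the `free(p)`. The enclosing loop in main() starts before this hunk.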
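Review bot: The `tls_configure` failure keeps the old function-name style message `"tls_configure server"` while every other message this commit touches is rewritten as a sentence ending in `failed`, so the two styles will now sit next to each other in the log. For consistency, `logerrorctx("Configure server TLS context failed", server_ctx);` reads like the rest of the new messages. Switching this call to `logerrorctx` with `server_ctx` is presumably right because `tls_configure` reports through the context rather than the config, but that is not visible in the hunk.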
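Review bot: The new `logerrortlsconf` has no comment, and its NULL handling is implicit: like `logerrorctx` directly above it, it passes `NULL` as the reason when `config` is NULL, and it additionally relies on `logerror_reason` tolerating a NULL return from `tls_config_error` when no error is recorded on the config (`logerror_reason` is outside this hunk, so that should be confirmed). A short header comment would make the contract explicit, e.g. `/* Log message with the reason recorded on a libtls config; no reason if config is NULL or holds no error. */`.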
--
