shrpx: Log detailed error description in SSL code

Tatsuhiro Tsujikawa 2012-11-14 21:14:11 +09:00
parent 8a2020362d
commit 4748443899
1 changed files with 12 additions and 6 deletions


@ -98,7 +98,8 @@ SSL_CTX* create_ssl_context()
if(get_config()->ciphers) { if(get_config()->ciphers) {
if(SSL_CTX_set_cipher_list(ssl_ctx, get_config()->ciphers) == 0) { if(SSL_CTX_set_cipher_list(ssl_ctx, get_config()->ciphers) == 0) {
LOG(FATAL) << "SSL_CTX_set_cipher_list failed."; LOG(FATAL) << "SSL_CTX_set_cipher_list failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
} }
@ -109,16 +110,19 @@ SSL_CTX* create_ssl_context()
if(SSL_CTX_use_PrivateKey_file(ssl_ctx, if(SSL_CTX_use_PrivateKey_file(ssl_ctx,
get_config()->private_key_file, get_config()->private_key_file,
SSL_FILETYPE_PEM) != 1) { SSL_FILETYPE_PEM) != 1) {
LOG(FATAL) << "SSL_CTX_use_PrivateKey_file failed."; LOG(FATAL) << "SSL_CTX_use_PrivateKey_file failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(SSL_CTX_use_certificate_chain_file(ssl_ctx, if(SSL_CTX_use_certificate_chain_file(ssl_ctx,
get_config()->cert_file) != 1) { get_config()->cert_file) != 1) {
LOG(FATAL) << "SSL_CTX_use_certificate_file failed."; LOG(FATAL) << "SSL_CTX_use_certificate_file failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(SSL_CTX_check_private_key(ssl_ctx) != 1) { if(SSL_CTX_check_private_key(ssl_ctx) != 1) {
LOG(FATAL) << "SSL_CTX_check_private_key failed."; LOG(FATAL) << "SSL_CTX_check_private_key failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(get_config()->verify_client) { if(get_config()->verify_client) {
@ -147,14 +151,16 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
if(rv == 0) { if(rv == 0) {
SSL *ssl = SSL_new(ssl_ctx); SSL *ssl = SSL_new(ssl_ctx);
if(!ssl) { if(!ssl) {
LOG(ERROR) << "SSL_new() failed"; LOG(ERROR) << "SSL_new() failed: "
<< ERR_error_string(ERR_get_error(), NULL);
return 0; return 0;
} }
int val = 1; int val = 1;
rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
reinterpret_cast<char *>(&val), sizeof(val)); reinterpret_cast<char *>(&val), sizeof(val));
if(rv == -1) { if(rv == -1) {
LOG(WARNING) << "Setting option TCP_NODELAY failed"; LOG(WARNING) << "Setting option TCP_NODELAY failed: "
<< strerror(errno);
} }
bufferevent *bev = bufferevent_openssl_socket_new bufferevent *bev = bufferevent_openssl_socket_new
(evbase, fd, ssl, (evbase, fd, ssl,
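Review bot: In the `SSL_new()` failure branch of accept_ssl_connection, `ERR_get_error()` removes only the oldest entry from the thread's OpenSSL error queue, and the function then returns 0 with anything else that was queued still in place. Leftover entries can make a later `SSL_get_error()` on the same thread misreport the result of an unrelated connection's I/O, so I would add `ERR_clear_error();` right after the LOG statement; the FATAL branches in create_ssl_context presumably terminate in `DIE()`, so the leftover queue looks harmless there. `ERR_error_string(..., NULL)` also formats into a static buffer, which is unsafe if connections are ever accepted on more than one thread; `ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf))` with a local `char errbuf[256];` avoids that. Separately, the message beside `SSL_CTX_use_certificate_chain_file` still names `SSL_CTX_use_certificate_file`, which will send whoever reads the log to the wrong call. Both functions start and end outside the visible hunks, so any error-queue handling further down is not visible here.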