diff --git a/lib/base/tlsstream.cpp b/lib/base/tlsstream.cpp index a75c7a9c5..68d205f7c 100644 --- a/lib/base/tlsstream.cpp +++ b/lib/base/tlsstream.cpp @@ -38,11 +38,13 @@ bool I2_EXPORT TlsStream::m_SSLIndexInitialized = false; TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, const shared_ptr& sslContext) : m_Socket(socket), m_Role(role) { + std::ostringstream msgbuf; + char errbuf[120]; + m_SSL = shared_ptr(SSL_new(sslContext.get()), SSL_free); if (!m_SSL) { - std::ostringstream msgbuf; - msgbuf << "SSL_new() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "SSL_new() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "TlsStream", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() @@ -93,6 +95,9 @@ shared_ptr TlsStream::GetPeerCertificate(void) const void TlsStream::Handshake(void) { + std::ostringstream msgbuf; + char errbuf[120]; + for (;;) { int rc, err; @@ -121,8 +126,7 @@ void TlsStream::Handshake(void) Close(); return; default: - std::ostringstream msgbuf; - msgbuf << "SSL_do_handshake() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "SSL_do_handshake() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "TlsStream", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() @@ -138,6 +142,8 @@ void TlsStream::Handshake(void) size_t TlsStream::Read(void *buffer, size_t count) { size_t left = count; + std::ostringstream msgbuf; + char errbuf[120]; while (left > 0) { int rc, err; @@ -166,8 +172,7 @@ size_t TlsStream::Read(void *buffer, size_t count) Close(); return count - left; default: - std::ostringstream msgbuf; - msgbuf << "SSL_read() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "SSL_read() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "TlsStream", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() @@ -185,6 +190,8 @@ size_t TlsStream::Read(void *buffer, size_t count) void TlsStream::Write(const void *buffer, size_t count) { size_t left = count; + std::ostringstream msgbuf; + char errbuf[120]; while (left > 0) { int rc, err; @@ -213,8 +220,7 @@ void TlsStream::Write(const void *buffer, size_t count) Close(); return; default: - std::ostringstream msgbuf; - msgbuf << "SSL_write() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "SSL_write() failed with code " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "TlsStream", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp index 9234619a7..2ca7ceda2 100644 --- a/lib/base/tlsutility.cpp +++ b/lib/base/tlsutility.cpp @@ -77,6 +77,8 @@ static void InitializeOpenSSL(void) shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, const String& cakey) { std::ostringstream msgbuf; + char errbuf[120]; + InitializeOpenSSL(); shared_ptr sslContext = shared_ptr(SSL_CTX_new(TLSv1_method()), SSL_CTX_free); @@ -84,7 +86,7 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, SSL_CTX_set_mode(sslContext.get(), SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); if (!SSL_CTX_use_certificate_chain_file(sslContext.get(), pubkey.CStr())) { - msgbuf << "Error with public key file '" << pubkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error with public key file '" << pubkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_use_certificate_chain_file") @@ -93,7 +95,7 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, } if (!SSL_CTX_use_PrivateKey_file(sslContext.get(), privkey.CStr(), SSL_FILETYPE_PEM)) { - msgbuf << "Error with private key file '" << privkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error with private key file '" << privkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_use_PrivateKey_file") @@ -102,7 +104,7 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, } if (!SSL_CTX_check_private_key(sslContext.get())) { - msgbuf << "Error checking private key '" << privkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error checking private key '" << privkey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_check_private_key") @@ -110,7 +112,7 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, } if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) { - msgbuf << "Error loading and verifying locations in ca key file '" << cakey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error loading and verifying locations in ca key file '" << cakey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_CTX_load_verify_locations") @@ -122,7 +124,7 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, cert_names = SSL_load_client_CA_file(cakey.CStr()); if (cert_names == NULL) { - msgbuf << "Error loading client ca key file '" << cakey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error loading client ca key file '" << cakey << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SSL_load_client_CA_file") @@ -144,13 +146,14 @@ shared_ptr MakeSSLContext(const String& pubkey, const String& privkey, void AddCRLToSSLContext(const shared_ptr& context, const String& crlPath) { std::ostringstream msgbuf; + char errbuf[120]; X509_STORE *x509_store = SSL_CTX_get_cert_store(context.get()); X509_LOOKUP *lookup; lookup = X509_STORE_add_lookup(x509_store, X509_LOOKUP_file()); if (!lookup) { - msgbuf << "Error adding X509 store lookup: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error adding X509 store lookup: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("X509_STORE_add_lookup") @@ -158,7 +161,7 @@ void AddCRLToSSLContext(const shared_ptr& context, const String& crlPat } if (X509_LOOKUP_load_file(lookup, crlPath.CStr(), X509_FILETYPE_PEM) != 0) { - msgbuf << "Error loading crl file '" << crlPath << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error loading crl file '" << crlPath << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("X509_LOOKUP_load_file") @@ -181,13 +184,14 @@ void AddCRLToSSLContext(const shared_ptr& context, const String& crlPat String GetCertificateCN(const shared_ptr& certificate) { std::ostringstream msgbuf; + char errbuf[120]; char buffer[256]; int rc = X509_NAME_get_text_by_NID(X509_get_subject_name(certificate.get()), NID_commonName, buffer, sizeof(buffer)); if (rc == -1) { - msgbuf << "Error with x509 NAME getting text by NID: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error with x509 NAME getting text by NID: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("X509_NAME_get_text_by_NID") @@ -206,11 +210,12 @@ String GetCertificateCN(const shared_ptr& certificate) shared_ptr GetX509Certificate(const String& pemfile) { std::ostringstream msgbuf; + char errbuf[120]; X509 *cert; BIO *fpcert = BIO_new(BIO_s_file()); if (fpcert == NULL) { - msgbuf << "Error creating new BIO: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error creating new BIO: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("BIO_new") @@ -218,7 +223,7 @@ shared_ptr GetX509Certificate(const String& pemfile) } if (BIO_read_filename(fpcert, pemfile.CStr()) < 0) { - msgbuf << "Error reading pem file '" << pemfile << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error reading pem file '" << pemfile << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("BIO_read_filename") @@ -228,7 +233,7 @@ shared_ptr GetX509Certificate(const String& pemfile) cert = PEM_read_bio_X509_AUX(fpcert, NULL, NULL, NULL); if (cert == NULL) { - msgbuf << "Error on bio X509 AUX reading pem file '" << pemfile << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error on bio X509 AUX reading pem file '" << pemfile << "': " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("PEM_read_bio_X509_AUX") @@ -282,11 +287,12 @@ int MakeX509CSR(const char *cn, const char *keyfile, const char *csrfile) String SHA256(const String& s) { std::ostringstream msgbuf; + char errbuf[120]; SHA256_CTX context; unsigned char digest[SHA256_DIGEST_LENGTH]; if (!SHA256_Init(&context)) { - msgbuf << "Error on SHA256 Init: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error on SHA256 Init: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SHA256_Init") @@ -294,7 +300,7 @@ String SHA256(const String& s) } if (!SHA256_Update(&context, (unsigned char*)s.CStr(), s.GetLength())) { - msgbuf << "Error on SHA256 Update: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error on SHA256 Update: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SHA256_Update") @@ -302,7 +308,7 @@ String SHA256(const String& s) } if (!SHA256_Final(digest, &context)) { - msgbuf << "Error on SHA256 Final: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), NULL) << "\""; + msgbuf << "Error on SHA256 Final: " << ERR_get_error() << ", \"" << ERR_error_string(ERR_get_error(), errbuf) << "\""; Log(LogCritical, "SSL", msgbuf.str()); BOOST_THROW_EXCEPTION(openssl_error() << boost::errinfo_api_function("SHA256_Final") diff --git a/lib/base/tlsutility.hpp b/lib/base/tlsutility.hpp index 51ece2bf1..6bd744e40 100644 --- a/lib/base/tlsutility.hpp +++ b/lib/base/tlsutility.hpp @@ -49,8 +49,9 @@ inline std::string to_string(const errinfo_openssl_error& e) { std::ostringstream tmp; int code = e.value(); + char errbuf[120]; - const char *message = ERR_error_string(code, NULL); + const char *message = ERR_error_string(code, errbuf); if (message == NULL) message = "Unknown error.";