summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dnstls-openssl.c
diff options
context:
space:
mode:
authorYu Watanabe <watanabe.yu+github@gmail.com>2020-02-10 14:50:03 +0900
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2020-03-01 14:02:23 +0100
commitdf70539f9fe01a16d0f561ad9c6f5d7a955039c0 (patch)
tree0788e31c067ec2974766a70d60a655b673444498 /src/resolve/resolved-dnstls-openssl.c
parent972e81629d405b2a9fe0781c483feb3775546609 (diff)
downloadsystemd-df70539f9fe01a16d0f561ad9c6f5d7a955039c0.tar.gz
resolve: error handling improvements
Diffstat (limited to 'src/resolve/resolved-dnstls-openssl.c')
-rw-r--r--src/resolve/resolved-dnstls-openssl.c27
1 files changed, 18 insertions, 9 deletions
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index ce0a437371..8f58efacbd 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -73,7 +73,9 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
return -ENOMEM;
SSL_set_connect_state(s);
- SSL_set_session(s, server->dnstls_data.session);
+ r = SSL_set_session(s, server->dnstls_data.session);
+ if (r == 0)
+ return -EIO;
SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
@@ -83,7 +85,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
v = SSL_get0_param(s);
ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
- if (!X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)))
+ if (X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)) == 0)
return -ECONNREFUSED;
}
@@ -106,8 +108,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
char errbuf[256];
ERR_error_string_n(error, errbuf, sizeof(errbuf));
- log_debug("Failed to invoke SSL_do_handshake: %s", errbuf);
- return -ECONNREFUSED;
+ return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
+ "Failed to invoke SSL_do_handshake: %s", errbuf);
}
}
@@ -368,20 +370,27 @@ void dnstls_server_free(DnsServer *server) {
int dnstls_manager_init(Manager *manager) {
int r;
+
assert(manager);
ERR_load_crypto_strings();
SSL_load_error_strings();
- manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
+ manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
if (!manager->dnstls_data.ctx)
return -ENOMEM;
- SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
- SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+ r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ if (r == 0)
+ return -EIO;
+
+ (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
- if (r < 0)
- log_warning("Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL));
+ if (r == 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EIO),
+ "Failed to load system trust store: %s",
+ ERR_error_string(ERR_get_error(), NULL));
return 0;
}