Commit 47484438 authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

shrpx: Log detailed error description in SSL code

parent 8a202036
...@@ -98,7 +98,8 @@ SSL_CTX* create_ssl_context() ...@@ -98,7 +98,8 @@ SSL_CTX* create_ssl_context()
if(get_config()->ciphers) { if(get_config()->ciphers) {
if(SSL_CTX_set_cipher_list(ssl_ctx, get_config()->ciphers) == 0) { if(SSL_CTX_set_cipher_list(ssl_ctx, get_config()->ciphers) == 0) {
LOG(FATAL) << "SSL_CTX_set_cipher_list failed."; LOG(FATAL) << "SSL_CTX_set_cipher_list failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
} }
...@@ -109,16 +110,19 @@ SSL_CTX* create_ssl_context() ...@@ -109,16 +110,19 @@ SSL_CTX* create_ssl_context()
if(SSL_CTX_use_PrivateKey_file(ssl_ctx, if(SSL_CTX_use_PrivateKey_file(ssl_ctx,
get_config()->private_key_file, get_config()->private_key_file,
SSL_FILETYPE_PEM) != 1) { SSL_FILETYPE_PEM) != 1) {
LOG(FATAL) << "SSL_CTX_use_PrivateKey_file failed."; LOG(FATAL) << "SSL_CTX_use_PrivateKey_file failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(SSL_CTX_use_certificate_chain_file(ssl_ctx, if(SSL_CTX_use_certificate_chain_file(ssl_ctx,
get_config()->cert_file) != 1) { get_config()->cert_file) != 1) {
LOG(FATAL) << "SSL_CTX_use_certificate_file failed."; LOG(FATAL) << "SSL_CTX_use_certificate_file failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(SSL_CTX_check_private_key(ssl_ctx) != 1) { if(SSL_CTX_check_private_key(ssl_ctx) != 1) {
LOG(FATAL) << "SSL_CTX_check_private_key failed."; LOG(FATAL) << "SSL_CTX_check_private_key failed: "
<< ERR_error_string(ERR_get_error(), NULL);
DIE(); DIE();
} }
if(get_config()->verify_client) { if(get_config()->verify_client) {
...@@ -147,14 +151,16 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx, ...@@ -147,14 +151,16 @@ ClientHandler* accept_ssl_connection(event_base *evbase, SSL_CTX *ssl_ctx,
if(rv == 0) { if(rv == 0) {
SSL *ssl = SSL_new(ssl_ctx); SSL *ssl = SSL_new(ssl_ctx);
if(!ssl) { if(!ssl) {
LOG(ERROR) << "SSL_new() failed"; LOG(ERROR) << "SSL_new() failed: "
<< ERR_error_string(ERR_get_error(), NULL);
return 0; return 0;
} }
int val = 1; int val = 1;
rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, rv = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY,
reinterpret_cast<char *>(&val), sizeof(val)); reinterpret_cast<char *>(&val), sizeof(val));
if(rv == -1) { if(rv == -1) {
LOG(WARNING) << "Setting option TCP_NODELAY failed"; LOG(WARNING) << "Setting option TCP_NODELAY failed: "
<< strerror(errno);
} }
bufferevent *bev = bufferevent_openssl_socket_new bufferevent *bev = bufferevent_openssl_socket_new
(evbase, fd, ssl, (evbase, fd, ssl,
......
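Review bot: In the accept_ssl_connection hunk, the SSL_new() failure path logs only the first queued error and then returns 0, so any remaining entries stay in the thread's OpenSSL error queue, where a later SSL_get_error() on an unrelated connection can misattribute them. ERR_error_string() with a NULL buffer also formats into a static buffer, which is unsafe if this path can run on more than one thread (not visible from these hunks). I would format into a local buffer and drain the queue before returning: `char errbuf[256]; ERR_error_string_n(ERR_get_error(), errbuf, sizeof(errbuf));` followed by `ERR_clear_error();`. The same NULL-buffer call in the create_ssl_context hunks is harmless because DIE() follows, but the chain-file message there still names `SSL_CTX_use_certificate_file` although the call is `SSL_CTX_use_certificate_chain_file`. Both functions begin and end outside the visible hunks.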