authorbcook <bcook@openbsd.org>2014-12-07 15:00:32 +0000
committerbcook <bcook@openbsd.org>2014-12-07 15:00:32 +0000
commit31569e865c65f39e40418e8235056535ee32e422 (patch)
tree8fab3a4cf5403dba3935c74f84231df9b9b8c4c7 /lib/libtls/tls.c
parentHandle GF(2^m) EC curves for C code generation. (diff)
Allow specific libtls hostname validation errors to propagate.
Remove direct calls to printf from the tls_check_hostname() path. This allows NUL byte error messages to bubble up to the caller, to be logged in a program-appropriate way. It also removes non-portable calls to getprogname(). The semantics of tls_error() are changed slightly: the last error message is not necessarily preserved between subsequent calls into the library. When the previous call to libtls succeeds, client programs should treat the return value of tls_error() as undefined. ok tedu@
Diffstat (limited to 'lib/libtls/tls.c')
-rw-r--r--lib/libtls/tls.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index a7f612e40ba..d3bb79b3fe2 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.2 2014/12/07 15:00:32 bcook Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -56,15 +56,22 @@ tls_error(struct tls *ctx)
return ctx->errmsg;
}
+void
+tls_clear_error(struct tls *ctx)
+{
+ ctx->err = 0;
+ free(ctx->errmsg);
+ ctx->errmsg = NULL;
+}
+
int
tls_set_error(struct tls *ctx, char *fmt, ...)
{
va_list ap;
int rv;
+ tls_clear_error(ctx);
ctx->err = errno;
- free(ctx->errmsg);
- ctx->errmsg = NULL;
va_start(ap, fmt);
rv = vasprintf(&ctx->errmsg, fmt, ap);
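Review bot: In tls_set_error() the new `tls_clear_error(ctx)` call runs `free(ctx->errmsg)` before `ctx->err = errno;`, whereas the removed lines read errno first and freed afterwards. On platforms where free() may modify errno, the saved error code can be lost or replaced, which is relevant because the commit message cites portability as a goal. Capturing the value before clearing avoids this: `int errnum = errno;`, `tls_clear_error(ctx);`, `ctx->err = errnum;`. A short comment on tls_clear_error() stating that it frees the string previously returned by tls_error() would also warn callers not to hold that pointer across library calls. The body of tls_set_error() continues outside the hunk, so the handling of a vasprintf() failure is not visible here.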