if (len > (sizeof(last->file_buf) - 1))
{
log_error(LOG_LEVEL_ERROR,
- "X509 PEM cert len %d is larger then buffer len %s",
+ "X509 PEM cert len %ld is larger than buffer len %lu",
len, sizeof(last->file_buf) - 1);
len = sizeof(last->file_buf) - 1;
}
char *ca_file = NULL;
char *cert_file = NULL;
int ret = 0;
- SSL* ssl;
+ SSL *ssl;
/*
* Initializing OpenSSL structures for TLS/SSL connection
extern void close_client_ssl_connection(struct client_state *csp)
{
struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
+ SSL *ssl;
if (csp->ssl_with_client_is_opened == 0)
{
* Notifying the peer that the connection is being closed.
*/
BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+ if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+ {
+ log_ssl_errors(LOG_LEVEL_ERROR,
+ "BIO_get_ssl() failed in close_client_ssl_connection()");
+ }
+ else
+ {
+ /*
+ * Pretend we received a shutdown alert so
+ * the BIO_free_all() call later on returns
+ * quickly.
+ */
+ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+ }
free_client_ssl_structures(csp);
csp->ssl_with_client_is_opened = 0;
}
extern void close_server_ssl_connection(struct client_state *csp)
{
struct ssl_attr *ssl_attr = &csp->ssl_server_attr;
+ SSL *ssl;
if (csp->ssl_with_server_is_opened == 0)
{
* Notifying the peer that the connection is being closed.
*/
BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+ if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+ {
+ log_ssl_errors(LOG_LEVEL_ERROR,
+ "BIO_get_ssl() failed in close_server_ssl_connection()");
+ }
+ else
+ {
+ /*
+ * Pretend we received a shutdown alert so
+ * the BIO_free_all() call later on returns
+ * quickly.
+ */
+ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+ }
free_server_ssl_structures(csp);
csp->ssl_with_server_is_opened = 0;
}
else
{
csp->server_cert_verification_result = verify_result;
- log_error(LOG_LEVEL_ERROR, "SSL_get_verify_result failed: %s",
- X509_verify_cert_error_string(verify_result));
+ log_error(LOG_LEVEL_ERROR,
+ "X509 certificate verification for %s failed: %s",
+ csp->http->hostport, X509_verify_cert_error_string(verify_result));
ret = -1;
goto exit;
}
{
if (ssl_inited == 1)
{
+#ifndef OPENSSL_NO_COMP
SSL_COMP_free_compression_methods();
-
+#endif
CONF_modules_free();
CONF_modules_unload(1);
-
+#ifndef OPENSSL_NO_COMP
COMP_zlib_cleanup();
+#endif
ERR_free_strings();
EVP_cleanup();