X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=7e4e3d8a19321b929e2c7378d8346eaa1ed45ae4;hp=0005ed5fcb744872bab42db8c413d4a81f485dc2;hb=b5bbe06f4eae8fe1b7d3d16b8035f46b4fb54648;hpb=5d972b9163c3f0b1146a9c597d14e3a989f93b4f diff --git a/openssl.c b/openssl.c index 0005ed5f..7e4e3d8a 100644 --- a/openssl.c +++ b/openssl.c @@ -301,7 +301,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt) if (len > (sizeof(last->file_buf) - 1)) { log_error(LOG_LEVEL_ERROR, - "X509 PEM cert len %d is larger than buffer len %d", + "X509 PEM cert len %ld is larger than buffer len %lu", len, sizeof(last->file_buf) - 1); len = sizeof(last->file_buf) - 1; } @@ -721,7 +721,7 @@ extern int create_client_ssl_connection(struct client_state *csp) char *ca_file = NULL; char *cert_file = NULL; int ret = 0; - SSL* ssl; + SSL *ssl; /* * Initializing OpenSSL structures for TLS/SSL connection @@ -870,6 +870,7 @@ exit: extern void close_client_ssl_connection(struct client_state *csp) { struct ssl_attr *ssl_attr = &csp->ssl_client_attr; + SSL *ssl; if (csp->ssl_with_client_is_opened == 0) { @@ -880,6 +881,20 @@ extern void close_client_ssl_connection(struct client_state *csp) * Notifying the peer that the connection is being closed. */ BIO_ssl_shutdown(ssl_attr->openssl_attr.bio); + if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1) + { + log_ssl_errors(LOG_LEVEL_ERROR, + "BIO_get_ssl() failed in close_client_ssl_connection()"); + } + else + { + /* + * Pretend we received a shutdown alert so + * the BIO_free_all() call later on returns + * quickly. + */ + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); + } free_client_ssl_structures(csp); csp->ssl_with_client_is_opened = 0; } @@ -929,6 +944,7 @@ static void free_client_ssl_structures(struct client_state *csp) extern void close_server_ssl_connection(struct client_state *csp) { struct ssl_attr *ssl_attr = &csp->ssl_server_attr; + SSL *ssl; if (csp->ssl_with_server_is_opened == 0) { @@ -939,6 +955,20 @@ extern void close_server_ssl_connection(struct client_state *csp) * Notifying the peer that the connection is being closed. */ BIO_ssl_shutdown(ssl_attr->openssl_attr.bio); + if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1) + { + log_ssl_errors(LOG_LEVEL_ERROR, + "BIO_get_ssl() failed in close_server_ssl_connection()"); + } + else + { + /* + * Pretend we received a shutdown alert so + * the BIO_free_all() call later on returns + * quickly. + */ + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); + } free_server_ssl_structures(csp); csp->ssl_with_server_is_opened = 0; } @@ -1093,8 +1123,9 @@ extern int create_server_ssl_connection(struct client_state *csp) else { csp->server_cert_verification_result = verify_result; - log_error(LOG_LEVEL_ERROR, "SSL_get_verify_result failed: %s", - X509_verify_cert_error_string(verify_result)); + log_error(LOG_LEVEL_ERROR, + "X509 certificate verification for %s failed: %s", + csp->http->hostport, X509_verify_cert_error_string(verify_result)); ret = -1; goto exit; } @@ -2147,12 +2178,14 @@ extern void ssl_release(void) { if (ssl_inited == 1) { +#ifndef OPENSSL_NO_COMP SSL_COMP_free_compression_methods(); - +#endif CONF_modules_free(); CONF_modules_unload(1); - +#ifndef OPENSSL_NO_COMP COMP_zlib_cleanup(); +#endif ERR_free_strings(); EVP_cleanup();