X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=fe4da8fd826092f02d99b96db2429a7263bef390;hp=ecfb6bf8ed3f38d72838a91803fb174be05a676c;hb=f5c1b608535aab58c97bf9623c08b479bc6dcf49;hpb=3b4813587fa2eab6daed2738f455a7145fb31f1e
diff --git a/openssl.c b/openssl.c
index ecfb6bf8..fe4da8fd 100644
--- a/openssl.c
+++ b/openssl.c
@@ -229,6 +229,11 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m
 ret = BIO_read(bio, buf, (int)max_length);
 } while (ret <= 0 && BIO_should_retry(bio));
+ if (BIO_get_ssl(bio, &ssl) == 1)
+ {
+ fd = SSL_get_fd(ssl);
+ }
+
 if (ret < 0)
 {
 log_ssl_errors(LOG_LEVEL_ERROR,
@@ -237,11 +242,6 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m
 return -1;
 }
- if (BIO_get_ssl(bio, &ssl) == 1)
- {
- fd = SSL_get_fd(ssl);
- }
-
 log_error(LOG_LEVEL_RECEIVED, "TLS from socket %d: %N", fd, ret, buf);
@@ -654,6 +654,13 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
 BIO_write(bio, &zero, 1);
 len = BIO_get_mem_data(bio, &bio_mem_data);
+ if (len <= 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "BIO_get_mem_data() returned %d "
+ "while gathering certificate information", len);
+ ret = -1;
+ goto exit;
+ }
 encoded_text = html_encode(bio_mem_data);
 if (encoded_text == NULL)
 {
@@ -1280,7 +1287,7 @@ extern int ssl_base64_encode(unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen)
 {
 *olen = 4 * ((slen/3) + ((slen%3) ? 1 : 0)) + 1;
- if (*olen < dlen)
+ if (*olen > dlen)
 {
 return ENOBUFS;
 }
@@ -1609,8 +1616,6 @@ static int ssl_certificate_is_invalid(const char *cert_file)
 if (!(cert = ssl_certificate_load(cert_file)))
 {
- log_ssl_errors(LOG_LEVEL_ERROR,
- "Error reading certificate file %s", cert_file);
 return 1;
 }
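Review bot: In ssl_recv_data() the relocated `BIO_get_ssl()`/`SSL_get_fd()` lookup carries no comment saying why it has to run before the `ret < 0` check. A line such as `/* Resolve the socket first so the error path below can name it. */` would keep a later cleanup from moving it back. The log_ssl_errors() call is cut off at the hunk edge, so whether it actually prints `fd` is inferred from the move rather than visible here. When BIO_get_ssl() does not return 1, `fd` keeps its initial value, which is declared outside the hunk and should be a recognisable sentinel rather than a plausible descriptor number.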
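Review bot: In ssl_store_cert() the new error message formats `len` with `%d`, while BIO_get_mem_data() returns a long. The declaration of `len` is outside the hunk; if it is a long, the argument does not match the specifier, and the call should read `"BIO_get_mem_data() returned %ld "` (assuming log_error() accepts `%ld`) or pass `(int)len`. The check itself is placed correctly, since it stops before html_encode() reads `bio_mem_data` as a NUL-terminated string.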
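Review bot: In ssl_base64_encode() the size computed into `*olen` can wrap for a very large `slen`, so the corrected `*olen > dlen` test would then compare against a small wrapped value and let the encode proceed. A guard ahead of the computation closes that, e.g. `if (slen > ((SIZE_MAX - 1) / 4) * 3) { return ENOBUFS; }`. Whether any caller can pass a length that large is not visible here, and the rest of the function body lies outside the hunk. It would also help to state in the function header that `*olen` is set to the required size, including the terminating NUL, even when ENOBUFS is returned.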
@@ -1640,7 +1645,7 @@ static int ssl_certificate_is_invalid(const char *cert_file)
 * 3 : nid = OpenSSL NID
 * 4 : value = extension value
 *
- * Returns : 0 => Error while setting extensuon data
+ * Returns : 0 => Error while setting extension data
 * 1 => It worked
 *
 *********************************************************************/