From 1f25a6d67b5aa29edabf3c55b2f375b1ec941ae7 Mon Sep 17 00:00:00 2001
From: Francesco Giacomini <francesco.giacomini@cnaf.infn.it>
Date: Thu, 13 Jun 2024 18:01:27 +0200
Subject: [PATCH] Simplify the production of the SSL error message

Just rely on the canonical loop over the error stack, without special
treatment for an expired certificate, which is caught somewhere else in
any case.
Be sure that the data added to an error is a text string before printing
it.
---
 src/common/data.cc | 78 ++++++++++------------------------------------
 1 file changed, 16 insertions(+), 62 deletions(-)

diff --git a/src/common/data.cc b/src/common/data.cc
index 2b5cf1f4..494cc381 100644
--- a/src/common/data.cc
+++ b/src/common/data.cc
@@ -44,6 +44,7 @@ extern "C" {
 
 #include <string>
 #include <vector>
+#include <sstream>
 
 /*
  * Function:
@@ -144,71 +145,24 @@ stringify(int i, std::string &s)
 
 std::string OpenSSLError(bool debug) 
 {
-  unsigned long l;
-  char buf[256];
-#if SSLEAY_VERSION_NUMBER  >= 0x00904100L
-  const char *file;
-#else
-  char *file;
-#endif
-  char *dat;
-  int line;
-
-  std::string outstring;
-  char *msgstring = NULL;
-  char *errstring = NULL;
-
-  /* WIN32 does not have the ERR_get_error_line_data */ 
-  /* exported, so simulate it till it is fixed */
-  /* in SSLeay-0.9.0 */
-  
-  while ( ERR_peek_error() != 0 ) {
-    
-    int i;
-    ERR_STATE *es;
-      
-    es = ERR_get_state();
-    i = (es->bottom+1)%ERR_NUM_ERRORS;
-
-    if (es->err_data[i] == NULL)
-      dat = strdup("");
-    else
-      dat = strdup(es->err_data[i]);
-
-
-    if (dat) {
-      int code = 0;
-
-      l = ERR_get_error_line(&file, &line);
-      code = ERR_GET_REASON(l);
-
-      switch (code) {
-      case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:
-        outstring += "Either proxy or user certificate are expired.";
-        break;
-
-      default:
-        if (debug) {
-          std::string temp;
-          
-          outstring += std::string(ERR_error_string(l,buf)) + ":" +
-            file + ":" + stringify(line, temp) + dat + "\n";
-        }
-
-        msgstring = (char*)ERR_reason_error_string(l);
-        errstring = (char*)ERR_func_error_string(l);
+  std::ostringstream os;
 
-        if (msgstring)
-          outstring += std::string(msgstring) + std::string(dat ? dat : "") +
-            "\nFunction: " + std::string(errstring ? errstring : "") + "\n";
-        break;
-      }
-    }
-    
-    free(dat);
+  char const *file;
+  int line;
+  char const *data;
+  int flags;
+  unsigned long code = ERR_get_error_line_data(&file, &line, &data, &flags);
+  while (code)
+  {
+    std::size_t const buf_size = 256;
+    char buf[buf_size];
+    ERR_error_string_n(code, buf, buf_size);
+    os << buf << ':' << file << ':'
+       << line << ':' << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n';
+    code = ERR_get_error_line_data(&file, &line, &data, &flags);
   }
 
-  return outstring;
+  return os.str();
 }
 
 static char *readfile(const char *file, int *size)