Merge pull request #133 from italiangrid/110-error-string-handling-fo…

…r-openssl-300-needs-further-fixing

Avoid function names when printing OpenSSL errors

src/client/vomsclient.cc

@@ -1049,15 +1049,15 @@ bool Client::Test()
     Print(WARN) << std::endl << "ERROR: Your certificate expired "
                 << asctime(localtime(&time_after)) << std::endl;
 
-    return 2;
+    return true;
   } 
 
   if (hours && time_diff < length) {
     Print(WARN) << std::endl << "Warning: your certificate and proxy will expire "
                 << asctime(localtime(&time_after))
                 << "which is within the requested lifetime of the proxy"
                 << std::endl;
-    return 1;
+    return false;
   }
 
   if (!quiet) {
@@ -1068,7 +1068,7 @@ bool Client::Test()
                 << asctime(localtime(&time_after_proxy)) << std::flush;
   }
 
-  return 0;
+  return false;
 }
 
 bool Client::AddToList(AC *ac) 

src/common/data.cc

@@ -44,6 +44,7 @@ extern "C" {
 
 #include <string>
 #include <vector>
+#include <sstream>
 
 /*
  * Function:
@@ -144,71 +145,24 @@ stringify(int i, std::string &s)
 
 std::string OpenSSLError(bool debug) 
 {
-  unsigned long l;
-  char buf[256];
-#if SSLEAY_VERSION_NUMBER  >= 0x00904100L
-  const char *file;
-#else
-  char *file;
-#endif
-  char *dat;
-  int line;
-
-  std::string outstring;
-  char *msgstring = NULL;
-  char *errstring = NULL;
-
-  /* WIN32 does not have the ERR_get_error_line_data */ 
-  /* exported, so simulate it till it is fixed */
-  /* in SSLeay-0.9.0 */
-
-  while ( ERR_peek_error() != 0 ) {
-
-    int i;
-    ERR_STATE *es;
-
-    es = ERR_get_state();
-    i = (es->bottom+1)%ERR_NUM_ERRORS;
-
-    if (es->err_data[i] == NULL)
-      dat = strdup("");
-    else
-      dat = strdup(es->err_data[i]);
-
-
-    if (dat) {
-      int code = 0;
-
-      l = ERR_get_error_line(&file, &line);
-      code = ERR_GET_REASON(l);
-
-      switch (code) {
-      case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:
-        outstring += "Either proxy or user certificate are expired.";
-        break;
-
-      default:
-        if (debug) {
-          std::string temp;
-
-          outstring += std::string(ERR_error_string(l,buf)) + ":" +
-            file + ":" + stringify(line, temp) + dat + "\n";
-        }
-
-        msgstring = (char*)ERR_reason_error_string(l);
-        errstring = (char*)ERR_func_error_string(l);
+  std::ostringstream os;
 
-        if (msgstring)
-          outstring += std::string(msgstring) + std::string(dat ? dat : "") +
-            "\nFunction: " + std::string(errstring ? errstring : "") + "\n";
-        break;
-      }
-    }
-
-    free(dat);
+  char const *file;
+  int line;
+  char const *data;
+  int flags;
+  unsigned long code = ERR_get_error_line_data(&file, &line, &data, &flags);
+  while (code)
+  {
+    std::size_t const buf_size = 256;
+    char buf[buf_size];
+    ERR_error_string_n(code, buf, buf_size);
+    os << file << ':' << line << ':'
+       << buf << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n';
+    code = ERR_get_error_line_data(&file, &line, &data, &flags);
   }
 
-  return outstring;
+  return os.str();
 }
 
 static char *readfile(const char *file, int *size)

src/socklib/Server.cpp

@@ -719,7 +719,8 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err)
 
   while( ERR_peek_error() ){
 
-    char error_msg_buf[512];
+    std::size_t const error_msg_buf_size = 512;
+    char error_msg_buf[error_msg_buf_size];
 
     const char *filename;
     int lineno;
@@ -729,7 +730,6 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err)
     long error_code = ERR_get_error_line_data(&filename, &lineno, &data, &flags);
 
     const char *lib = ERR_lib_error_string(error_code);
-    const char *func = ERR_func_error_string(error_code);
     const char *error_reason = ERR_reason_error_string(error_code);
 
     if (lib == NULL) {
@@ -741,11 +741,11 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err)
       }
     }
 
-    sprintf(error_msg_buf,
-        "%s %s [err:%lu,lib:%s,func:%s(file: %s+%d)]",
+    snprintf(error_msg_buf, error_msg_buf_size,
+        "%s %s [err:%lu,lib:%s,file:%s+%d]",
         (error_reason) ? error_reason : "",
-        (data) ? data : "",
-        error_code,lib,func,filename,lineno);
+        (data && (flags & ERR_TXT_STRING)) ? data : "",
+        error_code,lib,filename,lineno);
 
     openssl_errors.push_back(error_msg_buf);
   }

src/sslutils/sslutils.c

@@ -519,7 +519,7 @@ ERR_load_prxyerr_strings(
 
         randfile = RAND_file_name(buffer,200);
 
-        if (randfile && access(randfile, "r") == 0)
+        if (randfile && access(randfile, R_OK) == 0)
         {
             RAND_load_file(randfile,1024L*1024L);
         }

testsuite/voms/voms/server.c

@@ -164,11 +164,8 @@ int main(int argc, char *argv[])
         //      if (debug)
         fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf),
                 file, line, dat);
-        //      error += std::string(ERR_reason_error_string(l)) + ":" + std::string(ERR_func_error_string(l)) + "\n";
       }
     }
-/*     fprintf(stdout, "%s\n", */
-/*             ERR_reason_error_string( ERR_get_error() )); */
     fprintf(stdout, "ERROR\n");
     exit(1);
   }

testsuite/voms/voms/server2.c

@@ -161,11 +161,8 @@ int main(int argc, char *argv[])
         //      if (debug)
         fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf),
                 file, line, dat);
-        //      error += std::string(ERR_reason_error_string(l)) + ":" + std::string(ERR_func_error_string(l)) + "\n";
       }
     }
-/*     fprintf(stdout, "%s\n", */
-/*             ERR_reason_error_string( ERR_get_error() )); */
     fprintf(stdout, "ERROR\n");
     exit(1);
   }