diff --git a/src/sbbs3/ftpsrvr.c b/src/sbbs3/ftpsrvr.c index d0d94550c0fb9acfabe7cc993a94ce4254817d47..7edcd6f6c6c31be0dd71c7efcd3f872ec87b2027 100644 --- a/src/sbbs3/ftpsrvr.c +++ b/src/sbbs3/ftpsrvr.c @@ -302,6 +302,7 @@ static int sockprintf(SOCKET sock, CRYPT_SESSION sess, char *fmt, ...) char sbuf[1024]; fd_set socket_set; struct timeval tv; + char estr[SSL_ESTR_LEN]; va_start(argptr,fmt); len=vsnprintf(sbuf,maxlen=sizeof(sbuf)-2,fmt,argptr); @@ -344,13 +345,15 @@ static int sockprintf(SOCKET sock, CRYPT_SESSION sess, char *fmt, ...) if (result == CRYPT_OK) sent += tls_sent; else { - lprintf(LOG_DEBUG, "pushData returned %d\n", result); - if (result != -25) - return 0; + get_crypt_error_string(result, sess, estr, "sending data"); + lprintf(LOG_DEBUG, "%04d !ERROR %s", sock, estr); + if (result != CRYPT_ERROR_TIMEOUT) + return 0; } result = cryptFlushData(sess); if (result != CRYPT_OK) { - lprintf(LOG_DEBUG, "cryptFlushData() returned %d\n", result); + get_crypt_error_string(result, sess, estr, "flushing data"); + lprintf(LOG_DEBUG, "%04d error %s", sock, estr); return 0; } } @@ -1163,6 +1166,7 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las struct timeval tv; int ret; int i; + char estr[SSL_ESTR_LEN]; if(ftp_set==NULL || terminate_server) { sockprintf(sock,sess,"421 Server downed, aborting."); @@ -1171,7 +1175,10 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las } if (sess > -1) { /* Try a read with no timeout first. */ - cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0); + if ((ret = cryptSetAttribute(sess, CRYPT_OPTION_NET_READTIMEOUT, 0)) != CRYPT_OK) { + get_crypt_error_string(ret, sess, estr, "setting read timeout"); + lprintf(LOG_DEBUG, "%04d !ERROR %s", sock, estr); + } while (1) { ret = cryptPopData(sess, buf, 1, &len); /* Successive reads will be with the full timeout after a select() */ @@ -1180,12 +1187,14 @@ static int sock_recvbyte(SOCKET sock, CRYPT_SESSION sess, char *buf, time_t *las case CRYPT_OK: break; case CRYPT_ERROR_TIMEOUT: - lprintf(LOG_WARNING,"%04d !TIMEOUT in sock_recvbyte (%u seconds): INACTIVE SOCKET",sock,startup->max_inactivity); + get_crypt_error_string(ret, sess, estr, "popping data"); + lprintf(LOG_WARNING, "%04d !TIMEOUT %s (%u seconds)", sock, estr, startup->max_inactivity); return -1; case CRYPT_ERROR_COMPLETE: return 0; default: - lprintf(LOG_WARNING,"%04d !Cryptlib error in sock_recvbyte: %d",sock,ret); + get_crypt_error_string(ret, sess, estr, "popping data"); + lprintf(LOG_WARNING, "%04d !ERROR %s", sock, estr); if (ret < -1) return ret; return -2; @@ -1357,6 +1366,7 @@ static void send_thread(void* arg) socklen_t addr_len; fd_set socket_set; struct timeval tv; + char estr[SSL_ESTR_LEN]; xfer=*(xfer_t*)arg; free(arg); @@ -1449,13 +1459,15 @@ static void send_thread(void* arg) if (*xfer.data_sess != -1) { int status = cryptPushData(*xfer.data_sess, buf, rd, &wr); if (status != CRYPT_OK) { - lprintf(LOG_DEBUG, "PushData() returned %d\n", status); + get_crypt_error_string(status, *xfer.data_sess, estr, "pushing data"); + lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr); wr = -1; } else { status = cryptFlushData(*xfer.data_sess); if (status != CRYPT_OK) { - lprintf(LOG_DEBUG, "cryptFlushData() returned %d\n", status); + get_crypt_error_string(status, *xfer.data_sess, estr, "flushing data"); + lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr); wr = -1; } } @@ -1633,6 +1645,7 @@ static void receive_thread(void* arg) fd_set socket_set; struct timeval tv; CRYPT_SESSION sess = -1; + char estr[SSL_ESTR_LEN]; xfer=*(xfer_t*)arg; free(arg); @@ -1721,8 +1734,11 @@ static void receive_thread(void* arg) #endif if (*xfer.data_sess != -1) { int status = cryptPopData(*xfer.data_sess, buf, sizeof(buf), &rd); - if (status != CRYPT_OK) + if (status != CRYPT_OK) { + get_crypt_error_string(status, *xfer.data_sess, estr, "flushing data"); + lprintf(LOG_DEBUG, "%04d !ERROR %s", *xfer.data_sock, estr); rd = -1; + } } else { rd=recv(*xfer.data_sock,buf,sizeof(buf),0); @@ -1912,30 +1928,33 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp) BOOL nodelay; ulong nb; int status; - char *estr; + char estr[SSL_ESTR_LEN]; - if (get_ssl_cert(&scfg, NULL) == -1) { - lprintf(LOG_ERR, "Unable to get certificate"); + if (get_ssl_cert(&scfg, estr) == -1) { + lprintf(LOG_ERR, "Unable to get certificate %s", estr); if (resp) sockprintf(*sock, *sess, "431 TLS not available"); return FALSE; } - if (cryptCreateSession(sess, CRYPT_UNUSED, CRYPT_SESSION_SSL_SERVER) != CRYPT_OK) { - lprintf(LOG_ERR, "Unable to create TLS session"); + if ((status = cryptCreateSession(sess, CRYPT_UNUSED, CRYPT_SESSION_SSL_SERVER)) != CRYPT_OK) { + get_crypt_error_string(status, CRYPT_UNUSED, estr, "creating session"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); if (resp) sockprintf(*sock, *sess, "431 TLS not available"); return FALSE; } - if (cryptSetAttribute(*sess, CRYPT_SESSINFO_SSL_OPTIONS, CRYPT_SSLOPTION_DISABLE_CERTVERIFY) != CRYPT_OK) { - lprintf(LOG_ERR, "Unable to disable certificate verification"); + if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_SSL_OPTIONS, CRYPT_SSLOPTION_DISABLE_CERTVERIFY)) != CRYPT_OK) { + get_crypt_error_string(status, *sess, estr, "disabling certificate verification"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); cryptDestroySession(*sess); *sess = -1; if(resp) sockprintf(*sock, *sess, "431 TLS not available"); return FALSE; } - if (cryptSetAttribute(*sess, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate) != CRYPT_OK) { - lprintf(LOG_ERR, "Unable to set private key"); + if ((status=cryptSetAttribute(*sess, CRYPT_SESSINFO_PRIVATEKEY, scfg.tls_certificate)) != CRYPT_OK) { + get_crypt_error_string(status, *sess, estr, "setting private key"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); cryptDestroySession(*sess); *sess = -1; if (resp) @@ -1946,8 +1965,9 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp) setsockopt(*sock,IPPROTO_TCP,TCP_NODELAY,(char*)&nodelay,sizeof(nodelay)); nb=0; ioctlsocket(*sock,FIONBIO,&nb); - if (cryptSetAttribute(*sess, CRYPT_SESSINFO_NETWORKSOCKET, *sock) != CRYPT_OK) { - lprintf(LOG_ERR, "Unable to set network socket"); + if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_NETWORKSOCKET, *sock)) != CRYPT_OK) { + get_crypt_error_string(status, *sess, estr, "setting network socket"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); cryptDestroySession(*sess); *sess = -1; if (resp) @@ -1957,14 +1977,14 @@ static BOOL start_tls(SOCKET *sock, CRYPT_SESSION *sess, BOOL resp) if (resp) sockprintf(*sock, -1, "234 Ready to start TLS"); if ((status = cryptSetAttribute(*sess, CRYPT_SESSINFO_ACTIVE, 1)) != CRYPT_OK) { - estr = get_crypt_error(*sess); - lprintf(LOG_ERR, "Unable to set session active (%d:%s)", status, estr); - free_crypt_attrstr(estr); + get_crypt_error_string(status, *sess, estr, "setting session active"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); return TRUE; } if (startup->max_inactivity) { - if (cryptSetAttribute(*sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity) != CRYPT_OK) { - lprintf(LOG_ERR, "Unable to set max inactivity"); + if ((status = cryptSetAttribute(*sess, CRYPT_OPTION_NET_READTIMEOUT, startup->max_inactivity)) != CRYPT_OK) { + get_crypt_error_string(status, *sess, estr, "setting read timeout"); + lprintf(LOG_ERR, "%04d FTP ERROR %s", *sock, estr); return TRUE; } } diff --git a/src/sbbs3/ssl.c b/src/sbbs3/ssl.c index 8a8ef73fb6718e0ce857742f41d6b06b8f26676f..6e66543ce59705fc34ffb6a38f8afaa714a50ebf 100644 --- a/src/sbbs3/ssl.c +++ b/src/sbbs3/ssl.c @@ -32,135 +32,138 @@ char* DLLCALL get_crypt_error(CRYPT_HANDLE sess) return get_crypt_attribute(sess, CRYPT_ATTRIBUTE_ERRORMESSAGE); } -bool get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], char *file, int line) +bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], const char *action) { - char *emsg; + char *emsg = NULL; if (cryptStatusOK(status)) return true; - emsg = get_crypt_error(sess); - if (emsg == NULL) { - switch(status) { - case CRYPT_ERROR_PARAM1: - emsg = strdup("Bad argument, parameter 1"); - break; - case CRYPT_ERROR_PARAM2: - emsg = strdup("Bad argument, parameter 2"); - break; - case CRYPT_ERROR_PARAM3: - emsg = strdup("Bad argument, parameter 3"); - break; - case CRYPT_ERROR_PARAM4: - emsg = strdup("Bad argument, parameter 4"); - break; - case CRYPT_ERROR_PARAM5: - emsg = strdup("Bad argument, parameter 5"); - break; - case CRYPT_ERROR_PARAM6: - emsg = strdup("Bad argument, parameter 6"); - break; - case CRYPT_ERROR_PARAM7: - emsg = strdup("Bad argument, parameter 7"); - break; + if (estr) { + if (sess != CRYPT_UNUSED) + emsg = get_crypt_error(sess); + if (emsg == NULL) { + switch(status) { + case CRYPT_ERROR_PARAM1: + emsg = strdup("Bad argument, parameter 1"); + break; + case CRYPT_ERROR_PARAM2: + emsg = strdup("Bad argument, parameter 2"); + break; + case CRYPT_ERROR_PARAM3: + emsg = strdup("Bad argument, parameter 3"); + break; + case CRYPT_ERROR_PARAM4: + emsg = strdup("Bad argument, parameter 4"); + break; + case CRYPT_ERROR_PARAM5: + emsg = strdup("Bad argument, parameter 5"); + break; + case CRYPT_ERROR_PARAM6: + emsg = strdup("Bad argument, parameter 6"); + break; + case CRYPT_ERROR_PARAM7: + emsg = strdup("Bad argument, parameter 7"); + break; - /* Errors due to insufficient resources */ + /* Errors due to insufficient resources */ - case CRYPT_ERROR_MEMORY: - emsg = strdup("Out of memory"); - break; - case CRYPT_ERROR_NOTINITED: - emsg = strdup("Data has not been initialised"); - break; - case CRYPT_ERROR_INITED: - emsg = strdup("Data has already been init'd"); - break; - case CRYPT_ERROR_NOSECURE: - emsg = strdup("Opn.not avail.at requested sec.level"); - break; - case CRYPT_ERROR_RANDOM: - emsg = strdup("No reliable random data available"); - break; - case CRYPT_ERROR_FAILED: - emsg = strdup("Operation failed"); - break; - case CRYPT_ERROR_INTERNAL: - emsg = strdup("Internal consistency check failed"); - break; + case CRYPT_ERROR_MEMORY: + emsg = strdup("Out of memory"); + break; + case CRYPT_ERROR_NOTINITED: + emsg = strdup("Data has not been initialised"); + break; + case CRYPT_ERROR_INITED: + emsg = strdup("Data has already been init'd"); + break; + case CRYPT_ERROR_NOSECURE: + emsg = strdup("Opn.not avail.at requested sec.level"); + break; + case CRYPT_ERROR_RANDOM: + emsg = strdup("No reliable random data available"); + break; + case CRYPT_ERROR_FAILED: + emsg = strdup("Operation failed"); + break; + case CRYPT_ERROR_INTERNAL: + emsg = strdup("Internal consistency check failed"); + break; - /* Security violations */ + /* Security violations */ - case CRYPT_ERROR_NOTAVAIL: - emsg = strdup("This type of opn.not available"); - break; - case CRYPT_ERROR_PERMISSION: - emsg = strdup("No permiss.to perform this operation"); - break; - case CRYPT_ERROR_WRONGKEY: - emsg = strdup("Incorrect key used to decrypt data"); - break; - case CRYPT_ERROR_INCOMPLETE: - emsg = strdup("Operation incomplete/still in progress"); - break; - case CRYPT_ERROR_COMPLETE: - emsg = strdup("Operation complete/can't continue"); - break; - case CRYPT_ERROR_TIMEOUT: - emsg = strdup("Operation timed out before completion"); - break; - case CRYPT_ERROR_INVALID: - emsg = strdup("Invalid/inconsistent information"); - break; - case CRYPT_ERROR_SIGNALLED: - emsg = strdup("Resource destroyed by extnl.event"); - break; - - /* High-level function errors */ + case CRYPT_ERROR_NOTAVAIL: + emsg = strdup("This type of opn.not available"); + break; + case CRYPT_ERROR_PERMISSION: + emsg = strdup("No permiss.to perform this operation"); + break; + case CRYPT_ERROR_WRONGKEY: + emsg = strdup("Incorrect key used to decrypt data"); + break; + case CRYPT_ERROR_INCOMPLETE: + emsg = strdup("Operation incomplete/still in progress"); + break; + case CRYPT_ERROR_COMPLETE: + emsg = strdup("Operation complete/can't continue"); + break; + case CRYPT_ERROR_TIMEOUT: + emsg = strdup("Operation timed out before completion"); + break; + case CRYPT_ERROR_INVALID: + emsg = strdup("Invalid/inconsistent information"); + break; + case CRYPT_ERROR_SIGNALLED: + emsg = strdup("Resource destroyed by extnl.event"); + break; - case CRYPT_ERROR_OVERFLOW: - emsg = strdup("Resources/space exhausted"); - break; - case CRYPT_ERROR_UNDERFLOW: - emsg = strdup("Not enough data available"); - break; - case CRYPT_ERROR_BADDATA: - emsg = strdup("Bad/unrecognised data format"); - break; - case CRYPT_ERROR_SIGNATURE: - emsg = strdup("Signature/integrity check failed"); - break; + /* High-level function errors */ - /* Data access function errors */ + case CRYPT_ERROR_OVERFLOW: + emsg = strdup("Resources/space exhausted"); + break; + case CRYPT_ERROR_UNDERFLOW: + emsg = strdup("Not enough data available"); + break; + case CRYPT_ERROR_BADDATA: + emsg = strdup("Bad/unrecognised data format"); + break; + case CRYPT_ERROR_SIGNATURE: + emsg = strdup("Signature/integrity check failed"); + break; - case CRYPT_ERROR_OPEN: - emsg = strdup("Cannot open object"); - break; - case CRYPT_ERROR_READ: - emsg = strdup("Cannot read item from object"); - break; - case CRYPT_ERROR_WRITE: - emsg = strdup("Cannot write item to object"); - break; - case CRYPT_ERROR_NOTFOUND: - emsg = strdup("Requested item not found in object"); - break; - case CRYPT_ERROR_DUPLICATE: - emsg = strdup("Item already present in object"); - break; + /* Data access function errors */ - /* Data enveloping errors */ + case CRYPT_ERROR_OPEN: + emsg = strdup("Cannot open object"); + break; + case CRYPT_ERROR_READ: + emsg = strdup("Cannot read item from object"); + break; + case CRYPT_ERROR_WRITE: + emsg = strdup("Cannot write item to object"); + break; + case CRYPT_ERROR_NOTFOUND: + emsg = strdup("Requested item not found in object"); + break; + case CRYPT_ERROR_DUPLICATE: + emsg = strdup("Item already present in object"); + break; - case CRYPT_ENVELOPE_RESOURCE: - emsg = strdup("Need resource to proceed"); - break; + /* Data enveloping errors */ + + case CRYPT_ENVELOPE_RESOURCE: + emsg = strdup("Need resource to proceed"); + break; + } } + if (emsg) { + safe_snprintf(estr, SSL_ESTR_LEN, "'%s' (%d) %s", emsg, status, action); + free_crypt_attrstr(emsg); + } + else + safe_snprintf(estr, SSL_ESTR_LEN, "(%d) %s", status, action); } - if (emsg) { - safe_snprintf(estr, SSL_ESTR_LEN, "cryptlib error %d at %s:%d (%s)", status, file, line, emsg); - free_crypt_attrstr(emsg); - } - else - safe_snprintf(estr, SSL_ESTR_LEN, "cryptlib error %d at %s:%d", status, file, line); return false; } @@ -201,7 +204,7 @@ bool DLLCALL is_crypt_initialized(void) return cryptlib_initialized; } -#define DO(x) get_crypt_error_string(x, ssl_context, estr, __FILE__, __LINE__) +#define DO(action, handle, x) get_crypt_error_string(x, handle, estr, action) CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]) { @@ -222,56 +225,54 @@ CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]) /* Get the certificate... first try loading it from a file... */ SAFEPRINTF2(str,"%s%s",cfg->ctrl_dir,"ssl.cert"); if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) { - if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { + if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { pthread_mutex_unlock(&ssl_cert_mutex); return -1; } } else { /* Couldn't do that... create a new context and use the cert from there... */ - if(!cryptStatusOK(i=cryptCreateContext(&ssl_context, CRYPT_UNUSED, CRYPT_ALGO_RSA))) { + if(!DO("creating SSL context", CRYPT_UNUSED, cryptStatusOK(i=cryptCreateContext(&ssl_context, CRYPT_UNUSED, CRYPT_ALGO_RSA)))) { pthread_mutex_unlock(&ssl_cert_mutex); - if (estr) - sprintf(estr, "cryptlib error %d creating SSL context",i); return -1; } - if(!DO(cryptSetAttributeString(ssl_context, CRYPT_CTXINFO_LABEL, "ssl_cert", 8))) + if(!DO("setting label", ssl_context, cryptSetAttributeString(ssl_context, CRYPT_CTXINFO_LABEL, "ssl_cert", 8))) goto failure_return_1; - if(!DO(cryptGenerateKey(ssl_context))) + if(!DO("generating key", ssl_context, cryptGenerateKey(ssl_context))) goto failure_return_1; - if(!DO(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_CREATE))) + if(!DO("opening keyset", CRYPT_UNUSED, cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_CREATE))) goto failure_return_1; - if(!DO(cryptAddPrivateKey(ssl_keyset, ssl_context, cfg->sys_pass))) + if(!DO("adding private key", ssl_keyset, cryptAddPrivateKey(ssl_keyset, ssl_context, cfg->sys_pass))) goto failure_return_2; - if(!DO(cryptCreateCert(&ssl_cert, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE))) + if(!DO("creating certificate", CRYPT_UNUSED, cryptCreateCert(&ssl_cert, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTIFICATE))) goto failure_return_2; - if(!DO(cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, ssl_context))) + if(!DO("setting public key", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, ssl_context))) goto failure_return_3; - if(!DO(cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SELFSIGNED, 1))) + if(!DO("signing certificate", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_CERTINFO_SELFSIGNED, 1))) goto failure_return_3; - if(!DO(cryptSetAttribute(ssl_cert, CRYPT_OPTION_CERT_VALIDITY, 3650))) + if(!DO("verifying certificate", ssl_cert, cryptSetAttribute(ssl_cert, CRYPT_OPTION_CERT_VALIDITY, 3650))) goto failure_return_3; - if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COUNTRYNAME, "ZZ", 2))) + if(!DO("setting country name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COUNTRYNAME, "ZZ", 2))) goto failure_return_3; - if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_ORGANIZATIONNAME, cfg->sys_name, strlen(cfg->sys_name)))) + if(!DO("setting orginization name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_ORGANIZATIONNAME, cfg->sys_name, strlen(cfg->sys_name)))) goto failure_return_3; - if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_DNSNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr)))) + if(!DO("setting DNS name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_DNSNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr)))) goto failure_return_3; - if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COMMONNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr)))) + if(!DO("setting Common Name", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_COMMONNAME, cfg->sys_inetaddr, strlen(cfg->sys_inetaddr)))) goto failure_return_3; sprintf(sysop_email, "sysop@%s", cfg->sys_inetaddr); - if(!DO(cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, sysop_email, strlen(sysop_email)))) + if(!DO("setting email", ssl_cert, cryptSetAttributeString(ssl_cert, CRYPT_CERTINFO_RFC822NAME, sysop_email, strlen(sysop_email)))) goto failure_return_3; - if(!DO(cryptSignCert(ssl_cert, ssl_context))) + if(!DO("signing certificate", ssl_cert, cryptSignCert(ssl_cert, ssl_context))) goto failure_return_3; - if(!DO(cryptAddPublicKey(ssl_keyset, ssl_cert))) + if(!DO("adding public key", ssl_keyset, cryptAddPublicKey(ssl_keyset, ssl_cert))) goto failure_return_3; cryptDestroyCert(ssl_cert); cryptKeysetClose(ssl_keyset); cryptDestroyContext(ssl_context); // Finally, load it from the file. if(cryptStatusOK(cryptKeysetOpen(&ssl_keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, str, CRYPT_KEYOPT_READONLY))) { - if(!DO(cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { + if(!DO("getting private key", ssl_keyset, cryptGetPrivateKey(ssl_keyset, &ssl_context, CRYPT_KEYID_NAME, "ssl_cert", cfg->sys_pass))) { ssl_context = -1; } } diff --git a/src/sbbs3/ssl.h b/src/sbbs3/ssl.h index afa9f552f5e16175cfa3a2def38a7c956faafb3d..9f1efc981f152a791836167f281c7531c2e1fe6b 100644 --- a/src/sbbs3/ssl.h +++ b/src/sbbs3/ssl.h @@ -40,7 +40,7 @@ DLLEXPORT char* DLLCALL get_crypt_error(CRYPT_HANDLE sess); DLLEXPORT CRYPT_CONTEXT DLLCALL get_ssl_cert(scfg_t *cfg, char estr[SSL_ESTR_LEN]); DLLEXPORT int DLLCALL do_cryptInit(void); DLLEXPORT bool DLLCALL is_crypt_initialized(void); -DLLEXPORT bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], char *file, int line) +DLLEXPORT bool DLLCALL get_crypt_error_string(int status, CRYPT_HANDLE sess, char estr[SSL_ESTR_LEN], const char *action); #if defined(__cplusplus) }