From 62e04d0530a36391d8e0932872ea7ee5c0281ba0 Mon Sep 17 00:00:00 2001 From: op Date: Tue, 16 May 2023 17:48:52 +0000 Subject: [PATCH] some fatal -> fatalx to improved logging errno doesn't generally contains anything useful after libtls functions, and in most cases it's explicitly cleared to avoid misuse, so change a few fatal() calls to fatalx() when logging libtls failures. Also, add the real error string, via tls_error() or tls_config_error(), that was missing before. ok millert@ --- usr.sbin/smtpd/mta.c | 19 +++++++++++-------- usr.sbin/smtpd/smtp.c | 22 +++++++++++++--------- usr.sbin/smtpd/smtpc.c | 6 +++--- 3 files changed, 27 insertions(+), 20 deletions(-) diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c index dbcf2c01581..05506da1dbe 100644 --- a/usr.sbin/smtpd/mta.c +++ b/usr.sbin/smtpd/mta.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mta.c,v 1.243 2022/02/18 16:57:36 millert Exp $ */ +/* $OpenBSD: mta.c,v 1.244 2023/05/16 17:48:52 op Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard 
@@ -489,38 +489,41 @@ mta_setup_dispatcher(struct dispatcher *dispatcher) if (remote->tls_ciphers) ciphers = remote->tls_ciphers; if (ciphers && tls_config_set_ciphers(config, ciphers) == -1) - fatal("%s", tls_config_error(config)); + fatalx("%s", tls_config_error(config)); if (remote->tls_protocols) { if (tls_config_parse_protocols(&protos, remote->tls_protocols) == -1) - fatal("failed to parse protocols \"%s\"", + fatalx("failed to parse protocols \"%s\"", remote->tls_protocols); if (tls_config_set_protocols(config, protos) == -1) - fatal("%s", tls_config_error(config)); + fatalx("%s", tls_config_error(config)); } if (remote->pki) { pki = dict_get(env->sc_pki_dict, remote->pki); if (pki == NULL) - fatal("client pki \"%s\" not found ", remote->pki); + fatalx("client pki \"%s\" not found", remote->pki); tls_config_set_dheparams(config, dheparams[pki->pki_dhe]); tls_config_use_fake_private_key(config); if (tls_config_set_keypair_mem(config, pki->pki_cert, pki->pki_cert_len, NULL, 0) == -1) - fatal("tls_config_set_keypair_mem"); + fatalx("tls_config_set_keypair_mem: %s", + tls_config_error(config)); } if (remote->ca) { ca = dict_get(env->sc_ca_dict, remote->ca); if (tls_config_set_ca_mem(config, ca->ca_cert, ca->ca_cert_len) == -1) - fatal("tls_config_set_ca_mem"); + fatalx("tls_config_set_ca_mem: %s", + tls_config_error(config)); } else if (tls_config_set_ca_file(config, tls_default_ca_cert_file()) == -1) - fatal("tls_config_set_ca_file"); + fatalx("tls_config_set_ca_file: %s", + tls_config_error(config)); if (remote->tls_verify) { tls_config_verify(config); diff --git a/usr.sbin/smtpd/smtp.c b/usr.sbin/smtpd/smtp.c index a9b7d48c8a5..c76c497a1d2 100644 --- a/usr.sbin/smtpd/smtp.c +++ b/usr.sbin/smtpd/smtp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp.c,v 1.173 2022/02/18 16:57:36 millert Exp $ */ +/* $OpenBSD: smtp.c,v 1.174 2023/05/16 17:48:52 op Exp $ */ /* * Copyright (c) 2008 Gilles Chehade 
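Review bot: In the `remote->ca` branch of the mta.c hunk, the result of `ca = dict_get(env->sc_ca_dict, remote->ca)` is dereferenced as `ca->ca_cert` with no NULL check, although the pki lookup just above is guarded by `if (pki == NULL) fatalx(...)`. If a CA name can be absent from the dictionary (not determinable from this hunk), the process dies on a NULL dereference instead of logging a reason; `if (ca == NULL) fatalx("client ca \"%s\" not found", remote->ca);` would mirror the pki handling. The same unguarded pattern appears in the `@@ -203,7 +206,8 @@` hunk of smtp.c with `l->ca_name`. The return value of `tls_config_set_dheparams()` is also ignored here while smtp.c checks it against -1. mta_setup_dispatcher begins and ends outside the hunk.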
@@ -166,14 +166,14 @@ smtp_setup_listener_tls(struct listener *l) if (l->tls_ciphers) ciphers = l->tls_ciphers; if (ciphers && tls_config_set_ciphers(config, ciphers) == -1) - fatal("%s", tls_config_error(config)); + fatalx("%s", tls_config_error(config)); if (l->tls_protocols) { if (tls_config_parse_protocols(&protos, l->tls_protocols) == -1) - fatal("failed to parse protocols \"%s\"", + fatalx("failed to parse protocols \"%s\"", l->tls_protocols); if (tls_config_set_protocols(config, protos) == -1) - fatal("%s", tls_config_error(config)); + fatalx("%s", tls_config_error(config)); } pki = l->pki[0]; @@ -181,7 +181,8 @@ smtp_setup_listener_tls(struct listener *l) fatal("no pki defined"); if (tls_config_set_dheparams(config, dheparams[pki->pki_dhe]) == -1) - fatal("tls_config_set_dheparams"); + fatalx("tls_config_set_dheparams: %s", + tls_config_error(config)); tls_config_use_fake_private_key(config); for (i = 0; i < l->pkicount; i++) { @@ -189,11 +190,13 @@ smtp_setup_listener_tls(struct listener *l) if (i == 0) { if (tls_config_set_keypair_mem(config, pki->pki_cert, pki->pki_cert_len, NULL, 0) == -1) - fatal("tls_config_set_keypair_mem"); + fatalx("tls_config_set_keypair_mem: %s", + tls_config_error(config)); } else { if (tls_config_add_keypair_mem(config, pki->pki_cert, pki->pki_cert_len, NULL, 0) == -1) - fatal("tls_config_add_keypair_mem"); + fatalx("tls_config_add_keypair_mem: %s", + tls_config_error(config)); } } free(l->pki); @@ -203,7 +206,8 @@ smtp_setup_listener_tls(struct listener *l) ca = dict_get(env->sc_ca_dict, l->ca_name); if (tls_config_set_ca_mem(config, ca->ca_cert, ca->ca_cert_len) == -1) - fatal("tls_config_set_ca_mem"); + fatalx("tls_config_set_ca_mem: %s", + tls_config_error(config)); } else if (tls_config_set_ca_file(config, tls_default_ca_cert_file()) == -1) 
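Review bot: `fatal("no pki defined");` at the top of the `@@ -181,7 +181,8 @@` hunk still appends strerror(errno), although nothing visible here sets errno for that failure. The equivalent lookup failure in mta.c was switched to `fatalx()` by this commit, so `fatalx("no pki defined");` would be consistent; its condition sits above the hunk. Likewise the `@@ -203,7 +206,8 @@` hunk ends on the `tls_config_set_ca_file(...) == -1` condition and the statement it guards lies outside every hunk, so it is presumably still `fatal("tls_config_set_ca_file")`. The mta.c counterpart now reports `tls_config_error(config)`, and the listener path would benefit from the same error string.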
@@ -216,7 +220,7 @@ smtp_setup_listener_tls(struct listener *l) if (l->tls == NULL) fatal("tls_server"); if (tls_configure(l->tls, config) == -1) { - fatal("tls_configure: %s", tls_error(l->tls)); + fatalx("tls_configure: %s", tls_error(l->tls)); } tls_config_free(config); } diff --git a/usr.sbin/smtpd/smtpc.c b/usr.sbin/smtpd/smtpc.c index 46ecf7ed33b..915206a6908 100644 --- a/usr.sbin/smtpd/smtpc.c +++ b/usr.sbin/smtpd/smtpc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpc.c,v 1.19 2021/07/14 13:33:57 kn Exp $ */ +/* $OpenBSD: smtpc.c,v 1.20 2023/05/16 17:48:52 op Exp $ */ /* * Copyright (c) 2018 Eric Faurot @@ -237,7 +237,7 @@ main(int argc, char **argv) if (cafile == NULL) cafile = tls_default_ca_cert_file(); if (tls_config_set_ca_file(tls_config, cafile) == -1) - fatal("tls_set_ca_file"); + fatalx("tls_set_ca_file: %s", tls_config_error(tls_config)); if (!params.tls_verify) { tls_config_insecure_noverifycert(tls_config); tls_config_insecure_noverifyname(tls_config); @@ -455,7 +455,7 @@ smtp_require_tls(void *tag, struct smtp_client *proto) fatal("tls_client"); if (tls_configure(tls, tls_config) == -1) - fatal("tls_configure"); + fatalx("tls_configure: %s", tls_error(tls)); smtp_set_tls(proto, tls); } -- 2.20.1
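Review bot: The message prefix in the `@@ -237,7 +237,7 @@` hunk of smtpc.c says `tls_set_ca_file`, but the call that failed is `tls_config_set_ca_file()`. Since the line is being rewritten anyway, `fatalx("tls_config_set_ca_file: %s", tls_config_error(tls_config));` would let an operator grep the log for the real function name and would match the wording used in mta.c. main() continues outside the hunk.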