From 76ae6f58fec3f10df580099206d975629d3f01d9 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sat, 13 Aug 2016 12:55:21 +0000
Subject: [PATCH] Split out the SSL options handling into a separate function, which makes for more readable code and reduces line wrapping. Also improve error messages by adding tls_config_error() to errx() where appropriate. ok jca@
---
 usr.bin/ftp/main.c | 118 ++++++++++++++++++++++-----------------------
 1 file changed, 59 insertions(+), 59 deletions(-)
diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 597d88f0371..2a8db47e326 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.109 2016/07/13 16:35:47 jsing Exp $ */
+/* $OpenBSD: main.c,v 1.110 2016/08/13 12:55:21 jsing Exp $ */
 /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
 /*
@@ -98,6 +98,60 @@ char * const ssl_verify_opts[] = {
 };
 struct tls_config *tls_config;
+
+static void
+process_ssl_options(char *cp)
+{
+ const char *errstr;
+ long long depth;
+ char *str;
+
+ while (*cp) {
+ switch (getsubopt(&cp, ssl_verify_opts, &str)) {
+ case SSL_CAFILE:
+ if (str == NULL)
+ errx(1, "missing CA file");
+ if (tls_config_set_ca_file(tls_config, str) != 0)
+ errx(1, "tls ca file failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_CAPATH:
+ if (str == NULL)
+ errx(1, "missing CA directory path");
+ if (tls_config_set_ca_path(tls_config, str) != 0)
+ errx(1, "tls ca path failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_CIPHERS:
+ if (str == NULL)
+ errx(1, "missing cipher list");
+ if (tls_config_set_ciphers(tls_config, str) != 0)
+ errx(1, "tls ciphers failed: %s",
+ tls_config_error(tls_config));
+ break;
+ case SSL_DONTVERIFY:
+ tls_config_insecure_noverifycert(tls_config);
+ tls_config_insecure_noverifyname(tls_config);
+ break;
+ case SSL_DOVERIFY:
+ tls_config_verify(tls_config);
+ break;
+ case SSL_VERIFYDEPTH:
+ if (str == NULL)
+ errx(1, "missing depth");
+ depth = strtonum(str, 0, INT_MAX, &errstr);
+ if (errstr)
+ errx(1, "certificate validation depth is %s",
+ errstr);
+ tls_config_set_verify_depth(tls_config, (int)depth);
+ break;
+ default:
+ errx(1, "unknown -S suboption `%s'",
+ suboptarg ? suboptarg : "");
+ /* NOTREACHED */
+ }
+ }
+}
 #endif /* !SMALL */
 int family = PF_UNSPEC;
@@ -112,9 +166,6 @@ main(volatile int argc, char *argv[])
 char *outfile = NULL;
 const char *errstr;
 int dumb_terminal = 0;
-#ifndef SMALL
- long long depth;
-#endif
 ftpport = "ftp";
 httpport = "http";
@@ -202,7 +253,8 @@ main(volatile int argc, char *argv[])
 errx(1, "tls config failed");
 tls_config_set_protocols(tls_config, TLS_PROTOCOLS_ALL);
 if (tls_config_set_ciphers(tls_config, "all") != 0)
- errx(1, "tls set ciphers failed");
+ errx(1, "tls set ciphers failed: %s",
+ tls_config_error(tls_config));
 }
 #endif /* !SMALL */
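Review bot: The `SSL_DONTVERIFY` case in the new process_ssl_options() turns off both certificate-chain and hostname verification without any diagnostic, so a `dont` suboption buried in a script or alias leaves the peer unauthenticated with nothing on stderr to show it. The behaviour is carried over unchanged from the inline code removed from main(), but now that it has its own function it deserves a comment such as `/* disables chain and name checks: peer is unauthenticated */`, and possibly a `warnx("certificate verification disabled");` ahead of the `break;`. The function also has no header comment; it should say that getsubopt() modifies `cp` in place, that later suboptions override earlier ones, and that every error path exits through errx(). The whole function body lies inside this hunk.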
@@ -318,60 +370,8 @@ main(volatile int argc, char *argv[])
 case 'S':
 #ifndef SMALL
- cp = optarg;
- while (*cp) {
- char *str;
- switch (getsubopt(&cp, ssl_verify_opts, &str)) {
- case SSL_CAFILE:
- if (str == NULL)
- errx(1, "missing CA file");
- if (tls_config_set_ca_file(
- tls_config, str) != 0)
- errx(1, "tls ca file failed");
- break;
- case SSL_CAPATH:
- if (str == NULL)
- errx(1, "missing CA directory"
- " path");
- if (tls_config_set_ca_path(
- tls_config, str) != 0)
- errx(1, "tls ca path failed");
- break;
- case SSL_CIPHERS:
- if (str == NULL)
- errx(1, "missing cipher list");
- if (tls_config_set_ciphers(
- tls_config, str) != 0)
- errx(1, "tls ciphers failed");
- break;
- case SSL_DONTVERIFY:
- tls_config_insecure_noverifycert(
- tls_config);
- tls_config_insecure_noverifyname(
- tls_config);
- break;
- case SSL_DOVERIFY:
- tls_config_verify(tls_config);
- break;
- case SSL_VERIFYDEPTH:
- if (str == NULL)
- errx(1, "missing depth");
- depth = strtonum(str, 0, INT_MAX,
- &errstr);
- if (errstr)
- errx(1, "certificate "
- "validation depth is %s",
- errstr);
- tls_config_set_verify_depth(
- tls_config, (int)depth);
- break;
- default:
- errx(1, "unknown -S suboption `%s'",
- suboptarg ? suboptarg : "");
- /* NOTREACHED */
- }
- }
-#endif
+ process_ssl_options(optarg);
+#endif /* !SMALL */
 break;
 case 's':
-- 
2.20.1