aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2011-02-22 20:19:55 (GMT)
committerJouni Malinen <j@w1.fi>2011-02-22 20:19:55 (GMT)
commiteffab86ff2f6b092eff2af3e1e37f46491b66e15 (patch)
tree51961334ab7ae420bdb9ffd8e0e0d2f490767ee6 /src
parent58708b3bd1ccedc246b6fc5c6927c39b68107258 (diff)
downloadhostap-effab86ff2f6b092eff2af3e1e37f46491b66e15.zip
hostap-effab86ff2f6b092eff2af3e1e37f46491b66e15.tar.gz
hostap-effab86ff2f6b092eff2af3e1e37f46491b66e15.tar.bz2
Remove unneeded OpenSSL error messages from key/cert parsing
If parsing of the certificate or private key succeeds using any of the tried encoding types, clear the OpenSSL error queue without showing the pending errors in debug log since they do not really provide any useful output and can be confusing.
Diffstat (limited to 'src')
-rw-r--r--src/crypto/tls_openssl.c33
1 files changed, 6 insertions, 27 deletions
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index c0a40f9..24bf328 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1556,20 +1556,18 @@ static int tls_connection_client_cert(struct tls_connection *conn,
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
" --> OK");
return 0;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_certificate_file (DER) failed");
}
if (SSL_use_certificate_file(conn->ssl, client_cert,
SSL_FILETYPE_PEM) == 1) {
+ ERR_clear_error();
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
" --> OK");
return 0;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_certificate_file (PEM) failed");
}
+
+ tls_show_errors(MSG_DEBUG, __func__,
+ "SSL_use_certificate_file failed");
#else /* OPENSSL_NO_STDIO */
wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
#endif /* OPENSSL_NO_STDIO */
@@ -1900,10 +1898,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"ASN1(EVP_PKEY_RSA) --> OK");
ok = 1;
break;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)"
- " failed");
}
if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
@@ -1913,10 +1907,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"ASN1(EVP_PKEY_DSA) --> OK");
ok = 1;
break;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)"
- " failed");
}
if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
@@ -1926,9 +1916,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_RSAPrivateKey_ASN1 --> OK");
ok = 1;
break;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_RSAPrivateKey_ASN1 failed");
}
if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
@@ -1950,10 +1937,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_PrivateKey_File (DER) --> OK");
ok = 1;
break;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_PrivateKey_File (DER) "
- "failed");
}
if (SSL_use_PrivateKey_file(conn->ssl, private_key,
@@ -1962,10 +1945,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_PrivateKey_File (PEM) --> OK");
ok = 1;
break;
- } else {
- tls_show_errors(MSG_DEBUG, __func__,
- "SSL_use_PrivateKey_File (PEM) "
- "failed");
}
#else /* OPENSSL_NO_STDIO */
wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
@@ -1991,9 +1970,9 @@ static int tls_connection_private_key(void *_ssl_ctx,
}
if (!ok) {
- wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key");
+ tls_show_errors(MSG_INFO, __func__,
+ "Failed to load private key");
os_free(passwd);
- ERR_clear_error();
return -1;
}
ERR_clear_error();