Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cherokee: commits

[6863] cherokee/trunk/cherokee: Better libssl SNI error handling.

  

 
Cherokee commits RSS feed   Index | Next | Previous | View Threaded


cherokee at cherokee-project

Sep 18, 2011, 7:29 AM

Post #1 of 1 (108 views)
Permalink
[6863] cherokee/trunk/cherokee: Better libssl SNI error handling.
Revision: 6863
http://svn.cherokee-project.com/changeset/6863
Author: alo
Date: 2011-09-18 16:29:21 +0200 (Sun, 18 Sep 2011)
Log Message:
-----------
Better libssl SNI error handling.

Modified Paths:
--------------
cherokee/trunk/cherokee/cryptor_libssl.c
cherokee/trunk/cherokee/error_list.py

Modified: cherokee/trunk/cherokee/cryptor_libssl.c
===================================================================
--- cherokee/trunk/cherokee/cryptor_libssl.c 2011-09-18 13:34:37 UTC (rev 6862)
+++ cherokee/trunk/cherokee/cryptor_libssl.c 2011-09-18 14:29:21 UTC (rev 6863)
@@ -499,16 +499,14 @@
rc = SSL_CTX_set_tlsext_servername_callback (n->context, openssl_sni_servername_cb);
if (rc != 1) {
OPENSSL_LAST_ERROR(error);
- LOG_ERROR (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
- goto error;
+ LOG_WARNING (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
+ } else {
+ rc = SSL_CTX_set_tlsext_servername_arg (n->context, VSERVER_SRV(vsrv));
+ if (rc != 1) {
+ OPENSSL_LAST_ERROR(error);
+ LOG_WARNING (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
+ }
}
-
- rc = SSL_CTX_set_tlsext_servername_arg (n->context, VSERVER_SRV(vsrv));
- if (rc != 1) {
- OPENSSL_LAST_ERROR(error);
- LOG_ERROR (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
- goto error;
- }
#endif /* OPENSSL_NO_TLSEXT */

*cryp_vsrv = CRYPTOR_VSRV(n);

Modified: cherokee/trunk/cherokee/error_list.py
===================================================================
--- cherokee/trunk/cherokee/error_list.py 2011-09-18 13:34:37 UTC (rev 6862)
+++ cherokee/trunk/cherokee/error_list.py 2011-09-18 14:29:21 UTC (rev 6863)
@@ -1284,7 +1284,7 @@

e('SSL_SNI',
title = "Could not activate TLS SNI for '%s': %s",
- desc = SYSTEM_ISSUE)
+ desc = "It looks like Cherokee was compiled with TLS SNI support. However, it is currently using a SSL library (libssl/openssl) without TLS SNI support, and thus SNI is disabled.")

e('SSL_CONNECTION',
title = "OpenSSL: Unable to create a new SSL connection from the SSL context: %s",

Cherokee commits RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.