tls_wrappers/openssl: more detailed error logs

Signed-off-by: Kun Lai <[email protected]>
inclavare-containers · Apr 13, 2023 · 2e527ae · 2e527ae
1 parent a804b43
commit 2e527ae
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 9 deletions.
diff --git a/src/core/rtls_core_generate_certificate.c b/src/core/rtls_core_generate_certificate.c
@@ -164,6 +164,15 @@ rats_tls_err_t rtls_core_generate_certificate(rtls_core_context_t *ctx)
 	if (privkey_len) {
 		tls_wrapper_err_t t_err;
 
+#if 0
+	#ifndef SGX
+		/* Dump private key of this certificate */
+		FILE *fp = fopen("/tmp/privkey.der", "wb");
+		fwrite(privkey_buf, privkey_len, 1, fp);
+		fclose(fp);
+	#endif
+#endif
+
 		t_err = ctx->tls_wrapper->opts->use_privkey(ctx->tls_wrapper, ctx->config.cert_algo,
 							    privkey_buf, privkey_len);
 		if (t_err != TLS_WRAPPER_ERR_NONE) {

diff --git a/src/crypto_wrappers/openssl/gen_cert.c b/src/crypto_wrappers/openssl/gen_cert.c
@@ -222,6 +222,15 @@ crypto_wrapper_err_t openssl_gen_cert(crypto_wrapper_ctx_t *ctx, rats_tls_cert_a
 	RTLS_DEBUG("self-signing certificate generated. cert_buf: %p, cert_len: %u\n",
 		   cert_info->cert_buf, cert_info->cert_len);
 
+#if 0
+	#ifndef SGX
+	/* Dump certificate */
+	FILE *fp = fopen("/tmp/cert_generated.der", "wb");
+	fwrite(cert_info->cert_buf, cert_info->cert_len, 1, fp);
+	fclose(fp);
+	#endif
+#endif
+
 	ret = CRYPTO_WRAPPER_ERR_NONE;
 
 err:

diff --git a/src/tls_wrappers/openssl/negotiate.c b/src/tls_wrappers/openssl/negotiate.c
@@ -51,6 +51,7 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo
 		return -TLS_WRAPPER_ERR_INVALID;
 	}
 
+	ERR_clear_error();
 	int err;
 	if (conf_flags & RATS_TLS_CONF_FLAGS_SERVER)
 		err = SSL_accept(ssl);
@@ -59,11 +60,13 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo
 
 	if (err != 1) {
 		if (conf_flags & RATS_TLS_CONF_FLAGS_SERVER)
-			RTLS_DEBUG("failed to negotiate %#x\n", err);
+			RTLS_ERR("failed to negotiate %d, SSL_get_error(): %d\n", err,
+				 SSL_get_error(ssl, err));
 		else
-			RTLS_DEBUG("failed to connect %#x\n", err);
-
-		print_openssl_err(ssl, err);
+			RTLS_ERR("failed to connect %d, SSL_get_error(): %d\n", err,
+				 SSL_get_error(ssl, err));
+		// TODO: handle result of SSL_get_error()
+		print_openssl_err_all(ssl, err);
 
 		return OPENSSL_ERR_CODE(err);
 	}
@@ -78,7 +81,6 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo
 	return TLS_WRAPPER_ERR_NONE;
 }
 
-
 tls_wrapper_err_t openssl_tls_negotiate(tls_wrapper_ctx_t *ctx, int fd)
 {
 	RTLS_DEBUG("ctx %p, fd %d\n", ctx, fd);

diff --git a/src/tls_wrappers/openssl/openssl.h b/src/tls_wrappers/openssl/openssl.h
@@ -33,7 +33,7 @@ typedef struct {
 	SSL *ssl;
 } openssl_ctx_t;
 
-static inline void print_openssl_err(SSL *ssl, int ret)
+static inline void print_openssl_err_all()
 {
 	unsigned long l;
 

diff --git a/src/tls_wrappers/openssl/receive.c b/src/tls_wrappers/openssl/receive.c
@@ -19,9 +19,14 @@ tls_wrapper_err_t openssl_tls_receive(tls_wrapper_ctx_t *ctx, void *buf, size_t
 	if (ssl_ctx == NULL || ssl_ctx->ssl == NULL)
 		return -TLS_WRAPPER_ERR_RECEIVE;
 
+	ERR_clear_error();
+
 	int rc = SSL_read(ssl_ctx->ssl, buf, (int)*buf_size);
 	if (rc <= 0) {
-		RTLS_ERR("ERROR: openssl_receive()\n");
+		// TODO: handle result of SSL_get_error()
+		RTLS_ERR("SSL_read() failed: %d, SSL_get_error(): %d\n", rc,
+			 SSL_get_error(ssl_ctx->ssl, rc));
+		print_openssl_err_all();
 		return -TLS_WRAPPER_ERR_RECEIVE;
 	}
 	*buf_size = (size_t)rc;

diff --git a/src/tls_wrappers/openssl/transmit.c b/src/tls_wrappers/openssl/transmit.c
@@ -19,9 +19,14 @@ tls_wrapper_err_t openssl_tls_transmit(tls_wrapper_ctx_t *ctx, void *buf, size_t
 	if (ssl_ctx == NULL || ssl_ctx->ssl == NULL)
 		return -TLS_WRAPPER_ERR_TRANSMIT;
 
+	ERR_clear_error();
+
 	int rc = SSL_write(ssl_ctx->ssl, buf, (int)*buf_size);
 	if (rc <= 0) {
-		RTLS_DEBUG("ERROR: tls_wrapper_openssl transmit()\n");
+		// TODO: handle result of SSL_get_error()
+		RTLS_ERR("SSL_write() failed: %d, SSL_get_error(): %d\n", rc,
+			 SSL_get_error(ssl_ctx->ssl, rc));
+		print_openssl_err_all();
 		return -TLS_WRAPPER_ERR_TRANSMIT;
 	}
 	*buf_size = (size_t)rc;

diff --git a/src/tls_wrappers/openssl/use_privkey.c b/src/tls_wrappers/openssl/use_privkey.c
@@ -31,7 +31,8 @@ tls_wrapper_err_t openssl_tls_use_privkey(tls_wrapper_ctx_t *ctx, rats_tls_cert_
 	int ret = SSL_CTX_use_PrivateKey_ASN1(EPKEY, ssl_ctx->sctx, privkey_buf, (long)privkey_len);
 
 	if (ret != SSL_SUCCESS) {
-		RTLS_ERR("failed to use private key %d\n", ret);
+		RTLS_ERR("failed to use private key.\n");
+		print_openssl_err_all();
 		return OPENSSL_ERR_CODE(ret);
 	}