DragonX/dragonx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Improve TLS error reporting

Browse Source
This commit is contained in:
Duke Leto
2021-03-29 09:57:03 -04:00
parent 84ac805f11
commit fe0d371165
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/hush/tlsmanager.cpp
View File

@@ -425,8 +425,11 @@ bool TLSManager::CheckKeyCert()
return false; return false;
} }
if (wolfSSL_X509_verify(mycert, mykey) == WOLFSSL_SUCCESS) { int err = wolfSSL_X509_verify(mycert, mykey);
if (err == WOLFSSL_SUCCESS) {
return true; return true;
} else {
LogPrintf("%s: x509 verification error: %d = %s\n", __func__, err);
} }
LogPrintf("Generated key and certificate do not match!!!\n"); LogPrintf("Generated key and certificate do not match!!!\n");

6
src/hush/utiltls.cpp
View File

@@ -43,6 +43,7 @@ WOLFSSL_EVP_PKEY* GenerateEcKey(int nid)
WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair) WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair)
{ {
if (!keypair) { if (!keypair) {
LogPrintf("%s: Null keypair!\n", __func__);
return NULL; return NULL;
} }
@@ -60,12 +61,17 @@ WOLFSSL_X509* GenerateCertificate(WOLFSSL_EVP_PKEY *keypair)
// private key from keypair is used; signature will be set inside of the cert // private key from keypair is used; signature will be set inside of the cert
bCertSigned = wolfSSL_X509_sign(cert, keypair, wolfSSL_EVP_sha512()); bCertSigned = wolfSSL_X509_sign(cert, keypair, wolfSSL_EVP_sha512());
} }
} else {
LogPrintf("%s: Unable to alloc rand bytes!\n", __func__);
} }
if (!bCertSigned) { if (!bCertSigned) {
LogPrintf("%s: TLS cert not signed correctly!\n", __func__);
wolfSSL_X509_free(cert); wolfSSL_X509_free(cert);
cert = NULL; cert = NULL;
} }
} else {
LogPrintf("%s: Unable to create x509 cert!\n", __func__);
} }
return cert; return cert;