
[6863] cherokee/trunk/cherokee: Better libssl SNI error handling.
Revision: 6863
http://svn.cherokee-project.com/changeset/6863
Author: alo
Date: 2011-09-18 16:29:21 +0200 (Sun, 18 Sep 2011)
Log Message:
-----------
Better libssl SNI error handling.

Modified Paths:
--------------
cherokee/trunk/cherokee/cryptor_libssl.c
cherokee/trunk/cherokee/error_list.py

Modified: cherokee/trunk/cherokee/cryptor_libssl.c
===================================================================
--- cherokee/trunk/cherokee/cryptor_libssl.c 2011-09-18 13:34:37 UTC (rev 6862)
+++ cherokee/trunk/cherokee/cryptor_libssl.c 2011-09-18 14:29:21 UTC (rev 6863)
@@ -499,16 +499,14 @@
rc = SSL_CTX_set_tlsext_servername_callback (n->context, openssl_sni_servername_cb);
if (rc != 1) {
OPENSSL_LAST_ERROR(error);
- LOG_ERROR (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
- goto error;
+ LOG_WARNING (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
+ } else {
+ rc = SSL_CTX_set_tlsext_servername_arg (n->context, VSERVER_SRV(vsrv));
+ if (rc != 1) {
+ OPENSSL_LAST_ERROR(error);
+ LOG_WARNING (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
+ }
}
-
- rc = SSL_CTX_set_tlsext_servername_arg (n->context, VSERVER_SRV(vsrv));
- if (rc != 1) {
- OPENSSL_LAST_ERROR(error);
- LOG_ERROR (CHEROKEE_ERROR_SSL_SNI, vsrv->name.buf, error);
- goto error;
- }
#endif /* OPENSSL_NO_TLSEXT */

*cryp_vsrv = CRYPTOR_VSRV(n);
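Review bot: In the new inner branch, a failure of `SSL_CTX_set_tlsext_servername_arg` is only logged, which leaves `openssl_sni_servername_cb` registered on `n->context` with no server argument set. That callback is not shown here, so it should be confirmed that it tolerates a missing argument during a handshake; clearing it in that branch with `SSL_CTX_set_tlsext_servername_callback (n->context, NULL);` would avoid the half-configured state. More generally, the virtual server now starts with SNI disabled and only a warning in the log, so a comment such as `/* SNI setup failure is non-fatal: this vserver keeps serving TLS without per-hostname selection */` would record that failing open is deliberate. The enclosing function starts and ends outside the hunk.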

Modified: cherokee/trunk/cherokee/error_list.py
===================================================================
--- cherokee/trunk/cherokee/error_list.py 2011-09-18 13:34:37 UTC (rev 6862)
+++ cherokee/trunk/cherokee/error_list.py 2011-09-18 14:29:21 UTC (rev 6863)
@@ -1284,7 +1284,7 @@

e('SSL_SNI',
title = "Could not activate TLS SNI for '%s': %s",
- desc = SYSTEM_ISSUE)
+ desc = "It looks like Cherokee was compiled with TLS SNI support. However, it is currently using a SSL library (libssl/openssl) without TLS SNI support, and thus SNI is disabled.")

e('SSL_CONNECTION',
title = "OpenSSL: Unable to create a new SSL connection from the SSL context: %s",
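Review bot: The new `desc` for `SSL_SNI` names a single cause (an SSL library without TLS SNI support), but the cryptor_libssl.c hunk of this commit logs the same error id for any non-1 return from either SNI setup call, so the text can mislead an operator when the failure has another cause. Wording it as the likely cause and stating the effect first would be more accurate, for example `desc = "TLS SNI could not be enabled for this virtual server and is disabled for it. The most likely cause is an SSL library (libssl/openssl) without TLS SNI support."`. If the current wording is kept, "a SSL library" should read "an SSL library".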