Remove unneeded OpenSSL error messages from key/cert parsing

If parsing of the certificate or private key succeeds using any of
the tried encoding types, clear the OpenSSL error queue without
showing the pending errors in debug log since they do not really
provide any useful output and can be confusing.
Jouni Malinen 2011-02-22 22:19:55 +02:00 committed by Jouni Malinen
parent 58708b3bd1
commit effab86ff2


@ -1556,20 +1556,18 @@ static int tls_connection_client_cert(struct tls_connection *conn,
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)"
" --> OK"); " --> OK");
return 0; return 0;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_file (DER) failed");
} }
if (SSL_use_certificate_file(conn->ssl, client_cert, if (SSL_use_certificate_file(conn->ssl, client_cert,
SSL_FILETYPE_PEM) == 1) { SSL_FILETYPE_PEM) == 1) {
ERR_clear_error();
wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)"
" --> OK"); " --> OK");
return 0; return 0;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_file (PEM) failed");
} }
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_certificate_file failed");
#else /* OPENSSL_NO_STDIO */ #else /* OPENSSL_NO_STDIO */
wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__);
#endif /* OPENSSL_NO_STDIO */ #endif /* OPENSSL_NO_STDIO */
@ -1900,10 +1898,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"ASN1(EVP_PKEY_RSA) --> OK"); "ASN1(EVP_PKEY_RSA) --> OK");
ok = 1; ok = 1;
break; break;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)"
" failed");
} }
if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl,
@ -1913,10 +1907,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"ASN1(EVP_PKEY_DSA) --> OK"); "ASN1(EVP_PKEY_DSA) --> OK");
ok = 1; ok = 1;
break; break;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)"
" failed");
} }
if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, if (SSL_use_RSAPrivateKey_ASN1(conn->ssl,
@ -1926,9 +1916,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_RSAPrivateKey_ASN1 --> OK"); "SSL_use_RSAPrivateKey_ASN1 --> OK");
ok = 1; ok = 1;
break; break;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_RSAPrivateKey_ASN1 failed");
} }
if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob,
@ -1950,10 +1937,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_PrivateKey_File (DER) --> OK"); "SSL_use_PrivateKey_File (DER) --> OK");
ok = 1; ok = 1;
break; break;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_PrivateKey_File (DER) "
"failed");
} }
if (SSL_use_PrivateKey_file(conn->ssl, private_key, if (SSL_use_PrivateKey_file(conn->ssl, private_key,
@ -1962,10 +1945,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
"SSL_use_PrivateKey_File (PEM) --> OK"); "SSL_use_PrivateKey_File (PEM) --> OK");
ok = 1; ok = 1;
break; break;
} else {
tls_show_errors(MSG_DEBUG, __func__,
"SSL_use_PrivateKey_File (PEM) "
"failed");
} }
#else /* OPENSSL_NO_STDIO */ #else /* OPENSSL_NO_STDIO */
wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO",
@ -1991,9 +1970,9 @@ static int tls_connection_private_key(void *_ssl_ctx,
} }
if (!ok) { if (!ok) {
wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key"); tls_show_errors(MSG_INFO, __func__,
"Failed to load private key");
os_free(passwd); os_free(passwd);
ERR_clear_error();
return -1; return -1;
} }
ERR_clear_error(); ERR_clear_error();
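Review bot: The `if (!ok)` failure path in tls_connection_private_key() drops `ERR_clear_error()` before `return -1`, so it now relies on tls_show_errors() emptying the OpenSSL error queue, and that helper's body is not on this page. Entries left on the queue could be attributed to a later, unrelated TLS operation on the same thread, so either keep `ERR_clear_error();` after the `tls_show_errors(MSG_INFO, __func__, "Failed to load private key");` call or state the dependency there with a comment such as `/* tls_show_errors() drains the OpenSSL error queue */`. With the per-attempt messages removed, that single MSG_INFO dump also mixes the errors of every encoding tried, with nothing to say which attempt produced which entry; a one-line comment noting that the output is the accumulated queue from all attempts would help whoever reads the log. The function begins and ends outside the visible hunks, so earlier attempts that may also touch the queue cannot be checked from here.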