Avoid spurious error logs when using NSS
The tls_log_errors() function now behaves differently for NSS than it did for OpenSSL, so we need to tweak it a bit.
parent
dd04fc35c6
commit
52d5f4da12
@ -189,6 +189,9 @@ tor_tls_context_init(unsigned flags,
|
||||
if (old_ctx != NULL) {
|
||||
tor_tls_context_decref(old_ctx);
|
||||
}
|
||||
} else {
|
||||
tls_log_errors(NULL, LOG_WARN, LD_CRYPTO,
|
||||
"constructing a TLS context");
|
||||
}
|
||||
} else {
|
||||
if (server_identity != NULL) {
|
||||
@ -197,6 +200,9 @@ tor_tls_context_init(unsigned flags,
|
||||
key_lifetime,
|
||||
flags,
|
||||
0);
|
||||
if (rv1 < 0)
|
||||
tls_log_errors(NULL, LOG_WARN, LD_CRYPTO,
|
||||
"constructing a server TLS context");
|
||||
} else {
|
||||
tor_tls_context_t *old_ctx = server_tls_context;
|
||||
server_tls_context = NULL;
|
||||
@ -211,9 +217,11 @@ tor_tls_context_init(unsigned flags,
|
||||
key_lifetime,
|
||||
flags,
|
||||
1);
|
||||
if (rv2 < 0)
|
||||
tls_log_errors(NULL, LOG_WARN, LD_CRYPTO,
|
||||
"constructing a client TLS context");
|
||||
}
|
||||
|
||||
tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context");
|
||||
return MIN(rv1, rv2);
|
||||
}
|
||||
|
||||
@ -451,8 +459,9 @@ tor_tls_check_lifetime(int severity, tor_tls_t *tls,
|
||||
r = 0;
|
||||
done:
|
||||
tor_x509_cert_free(cert);
|
||||
/* Not expected to get invoked */
|
||||
#ifdef ENABLE_OPENSSL
|
||||
tls_log_errors(tls, LOG_WARN, LD_NET, "checking certificate lifetime");
|
||||
#endif
|
||||
|
||||
return r;
|
||||
}
|
||||
|
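Review bot: In OpenSSL builds the success path of tor_tls_context_init no longer calls tls_log_errors() at all, because the unconditional call before `return MIN(rv1, rv2);` is replaced by calls that run only when rv1 or rv2 is negative. The OpenSSL implementation is not shown on this page, but if it is what empties the library's error queue, any entry left behind by a construction that still succeeded would now surface later against an unrelated TLS operation and mislead log triage. Consider keeping the old `tls_log_errors(NULL, LOG_WARN, LD_CRYPTO, "constructing a TLS context");` wrapped in `#ifdef ENABLE_OPENSSL` / `#endif`, the way the tor_tls_check_lifetime hunk of this commit does. Separately, the two unbraced `if (rv1 < 0)` and `if (rv2 < 0)` bodies each span two lines and would be safer with braces.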
@ -323,8 +323,10 @@ void
|
||||
tls_log_errors(tor_tls_t *tls, int severity, int domain,
|
||||
const char *doing)
|
||||
{
|
||||
/* XXXX This implementation isn't right for NSS -- it logs the last error
|
||||
whether anything actually failed or not. */
|
||||
/* This implementation is a little different for NSS than it is for OpenSSL
|
||||
-- it logs the last error whether anything actually failed or not. So we
|
||||
have to only call it when something has gone wrong and we have a real
|
||||
error to report. */
|
||||
|
||||
(void)tls;
|
||||
PRErrorCode code = PORT_GetError();
|
||||
|
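Review bot: The rule that tls_log_errors() may only be called after a real failure is stated only in this comment inside the NSS implementation, where authors of call sites in the shared TLS code will not see it. It belongs in the function's documentation at its declaration as well, for example `/* With NSS this logs the last error code unconditionally; call it only after a TLS operation has reported failure. */`. The body continues outside the hunk, so it is not visible whether the code returned by `PORT_GetError()` is reset after logging; if it is not, adding `PORT_SetError(0);` once the message is emitted would keep a stale code from being reported as a fresh warning by a later call.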