when there are errors loading certificates with OpenSSL, log the SSL error stack #1552
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…error stack Signed-off-by: Michael Richardson <[email protected]>
|
This is a great addition, thank you. |
|
Roger Light <[email protected]> wrote:
This is a great addition, thank you. `net__print_ssl_error()` already
exists to print out the openssl error stack so I'd prefer to use that
than duplicate the code. So please either use that instead, basing on
the `fixes` branch and calling it as `net__print_ssl_error(NULL)`, and
possibly putting in your stack depth count into the implementation in
lib/net_mosq.c. Alternatively, give me the nod and I'll make the
changes myself, it's up to you.
I won't cycle back to this code for about ten days, so please go ahead.
Close this PR if you do the code.
|
ralight
added a commit
that referenced
this pull request
Feb 4, 2020
Covers when loading certificates fails, or there are ENGINE problems. Closes #1552. Thanks to Michael Richardson.
|
I've made the changes now on the fixes branch. Thanks again. |
michaeliu
added a commit
to michaeliu/mosquitto
that referenced
this pull request
Feb 7, 2020
commit f16d9e2 Author: Roger A. Light <[email protected]> Date: Thu Feb 6 21:05:52 2020 +0000 Add file missing from earlier commit. commit c4e41f3 Author: Roger A. Light <[email protected]> Date: Thu Feb 6 16:43:29 2020 +0000 Back port db_dump from develop. Closes eclipse#1519. Thanks to Christoph Krey. commit 2a8c1d0 Merge: 17e20de 4408339 Author: Roger A. Light <[email protected]> Date: Thu Feb 6 16:20:52 2020 +0000 Merge branch 'coverity-fixes' into fixes commit 17e20de Author: Roger A. Light <[email protected]> Date: Thu Feb 6 16:12:29 2020 +0000 Fix session-expiry-interval for v5 clients using -c. Default behaviour for v5 clients using `-c` is now to use infinite length sessions, as with v3 clients. Closes eclipse#1546. Thanks to Kiran Pradeep. commit 078ad75 Author: Gianfranco Costamagna <[email protected]> Date: Wed Jan 22 12:29:41 2020 +0100 cmake: add ADNS enable/disable dynamic support Signed-off-by: Gianfranco Costamagna <[email protected]> commit e9a7150 Author: Gianfranco Costamagna <[email protected]> Date: Wed Jan 22 12:31:01 2020 +0100 Bugfix: enabling DLT was overriding everything else on linker flags because of error in cmake set keyword Signed-off-by: Gianfranco Costamagna <[email protected]> commit 7a5c2d4 Author: Gianfranco Costamagna <[email protected]> Date: Wed Jan 22 12:30:25 2020 +0100 Bugfix: include "deps" directory only if BUNDLED_DEPS has been provided and set to true Signed-off-by: Gianfranco Costamagna <[email protected]> commit 56d0b95 Author: Roger A. Light <[email protected]> Date: Wed Feb 5 15:19:55 2020 +0000 Fix `--remove-retained` not obeying the `-T` option. This means `--remove-retained -t bbc/# -T bbc/one/#` would remove all retained messages in `bbc/#`, instead of leaving all of the topics in `bbc/one/#`. Closes eclipse#1585. Thanks to Simon Moser. commit 3a89059 Author: Roger A. Light <[email protected]> Date: Tue Feb 4 17:11:11 2020 +0000 Don't call SSL_shutdown() if SSL init hasn't completed. commit 07c5462 Author: Roger A. Light <[email protected]> Date: Tue Feb 4 16:59:29 2020 +0000 Print OpenSSL errors in more situations Covers when loading certificates fails, or there are ENGINE problems. Closes eclipse#1552. Thanks to Michael Richardson. commit 27b4518 Author: Roger A. Light <[email protected]> Date: Tue Feb 4 16:05:58 2020 +0000 Improve password file parsing in the broker and mosqitto_passwd. Closes eclipse#1584. Thanks to panava. commit 4408339 Author: Roger A. Light <[email protected]> Date: Thu Jan 23 12:51:47 2020 +0000 Make consts unsigned where they are compared against unsigned. commit 5528dde Author: Roger A. Light <[email protected]> Date: Thu Jan 23 12:51:12 2020 +0000 Fix possible null dereferences. commit 05ec02b Author: Roger A. Light <[email protected]> Date: Thu Jan 23 10:55:49 2020 +0000 Remove dead values. commit 18f0508 Author: Roger A. Light <[email protected]> Date: Thu Jan 23 10:07:56 2020 +0000 Fix dereference before null check. Coverity Scan 1405815. commit db62f98 Author: Roger A. Light <[email protected]> Date: Thu Jan 23 09:35:28 2020 +0000 Fix unused value being overwritten. Coverity Scan 1400727.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Errors from the SSL library need to be logged in order to determine why mosquitto will not load a certificate. (With libssl 1.1.x, certificates with SHA1 message digest are no longer accepted, which can be hard to determine otherwise)
Signed-off-by: Michael Richardson [email protected]
Signed-off-by: Michael Richardson [email protected]
make testwith your changes locally?[YES, but there does not seem to be any tests in this repo]