Free the realm name which is strdup'd when config is read.

[radsecproxy.git] / lib / tls.c

diff --git a/lib/tls.c b/lib/tls.c
index 0b3580c..6fcf5a0 100644 (file)
--- a/lib/tls.c
+++ b/lib/tls.c
@@ -1,4 +1,5 @@
-/* See the file COPYING for licensing information.  */
+/* Copyright 2010, 2011 NORDUnet A/S. All rights reserved.
+   See the file COPYING for licensing information.  */
 
 #if defined HAVE_CONFIG_H
 #include <config.h>
@@ -6,6 +7,7 @@
 
 #include <assert.h>
 #include <openssl/ssl.h>
+#include <openssl/err.h>
 #include <radsec/radsec.h>
 #include <radsec/radsec-impl.h>
 
@@ -14,9 +16,9 @@
 #include "../radsecproxy.h"
 
 static struct tls *
-_get_tlsconf (struct rs_context *ctx, const struct rs_realm *realm)
+_get_tlsconf (struct rs_connection *conn, const struct rs_realm *realm)
 {
-  struct tls *c = rs_malloc (ctx, sizeof (struct tls));
+  struct tls *c = rs_malloc (conn->ctx, sizeof (struct tls));
 
   if (c)
     {
@@ -34,7 +36,7 @@ _get_tlsconf (struct rs_context *ctx, const struct rs_realm *realm)
       c->policyoids = (char **) NULL; /* NYI */
     }
     else
-      rs_err_ctx_push_fl (ctx, RSE_NOMEM, __FILE__, __LINE__, NULL);
+      rs_err_conn_push_fl (conn, RSE_NOMEM, __FILE__, __LINE__, NULL);
 
   return c;
 }
@@ -42,31 +44,33 @@ _get_tlsconf (struct rs_context *ctx, const struct rs_realm *realm)
 int
 rs_tls_init (struct rs_connection *conn)
 {
-  struct rs_context *ctx;
-  struct tls *tlsconf;
-  SSL_CTX *ssl_ctx;
-  SSL *ssl;
+  struct rs_context *ctx = NULL;
+  struct tls *tlsconf = NULL;
+  SSL_CTX *ssl_ctx = NULL;
+  SSL *ssl = NULL;
+  unsigned long sslerr = 0;
+
   assert (conn->ctx);
   ctx = conn->ctx;
 
-  tlsconf = _get_tlsconf (ctx, conn->active_peer->realm);
+  tlsconf = _get_tlsconf (conn, conn->active_peer->realm);
   if (!tlsconf)
     return -1;
   ssl_ctx = tlsgetctx (RADPROT_TLS, tlsconf);
   if (!ssl_ctx)
     {
-      /* TODO: check radsecproxy error  */
-      return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
-                                 NULL);
+      for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
+        rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
+                             ERR_error_string (sslerr, NULL));
+      return -1;
     }
-
   ssl = SSL_new (ssl_ctx);
   if (!ssl)
     {
-      /* TODO: check and report SSL error  */
-      /* TODO: free ssl_ctx  */
-      return rs_err_conn_push_fl (conn, RSE_SOME_ERROR, __FILE__, __LINE__,
-                                 NULL);
+      for (sslerr = ERR_get_error (); sslerr; sslerr = ERR_get_error ())
+       rs_err_conn_push_fl (conn, RSE_SSLERR, __FILE__, __LINE__,
+                            ERR_error_string (sslerr, NULL));
+      return -1;
     }
 
   conn->tls_ctx = ssl_ctx;