suzanne.soy/racket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl: log error if no existing cert locations

Browse Source 
This may help with situations like #1919 and #2184.
This commit is contained in:
Ryan Culpepper 2018-09-06 11:22:36 +02:00
parent b2e4d51b1b
commit dc8a2ca6ec
1 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
racket/collects/openssl/mzssl.rkt
View File

@ -43,6 +43,8 @@ TO DO:
["private/win32.rkt" (load-win32-store)] ["private/win32.rkt" (load-win32-store)]
["private/macosx.rkt" (load-macosx-keychain)]) ["private/macosx.rkt" (load-macosx-keychain)])
(define-logger openssl)
(define protocol-symbol/c (define protocol-symbol/c
(or/c 'secure 'auto 'sslv2-or-v3 'sslv2 'sslv3 'tls 'tls11 'tls12)) (or/c 'secure 'auto 'sslv2-or-v3 'sslv2 'sslv3 'tls 'tls11 'tls12))
@ -361,22 +363,24 @@ TO DO:
(define-crypto X509_get_default_cert_file_env (_fun -> _string)) (define-crypto X509_get_default_cert_file_env (_fun -> _string))
(define (x509-root-sources) (define (x509-root-sources)
(define (dir-sep) (define dir-sep (case (system-type) [(windows) ";"] [else ":"]))
(case (system-type) (define cert-file0
[(windows) ";"] (or (getenv (X509_get_default_cert_file_env)) (X509_get_default_cert_file)))
[else ":"])) (define cert-dirs0
(define (get-paths get-env get-path dir? split?) (or (getenv (X509_get_default_cert_dir_env)) (X509_get_default_cert_dir)))
(cond [libcrypto ;; Use path-string? filter to avoid {file,directory}-exists? error on "".
(let* ([result (or (getenv (get-env)) (get-path))] (define cert-files (filter path-string? (list cert-file0)))
[results (if split? (define cert-dirs (filter path-string? (string-split cert-dirs0 dir-sep)))
(string-split result (dir-sep)) ;; Log error only if *no* cert source exists (eg, on Debian/Ubuntu, default
(list result))]) ;; cert file does not exist).
(if dir? (unless (or (ormap file-exists? cert-files) (ormap directory-exists? cert-dirs))
(map (lambda (p) (list 'directory p)) results) (log-openssl-error
results))] "x509-root-sources: cert sources do not exist: ~s, ~s; ~a"
[else null])) cert-file0 cert-dirs0
(append (get-paths X509_get_default_cert_file_env X509_get_default_cert_file #f #f) (format "override using ~a, ~a"
(get-paths X509_get_default_cert_dir_env X509_get_default_cert_dir #t #t))) (X509_get_default_cert_file_env)
(X509_get_default_cert_dir_env))))
(append cert-files (map (lambda (p) (list 'directory p)) cert-dirs)))
(define ssl-default-verify-sources (define ssl-default-verify-sources
(make-parameter (make-parameter