As with create_temp_file(), this function is called on client connects
and should not cause fatal errors when I/O (possibly temporarily) fails.
Fix this and the openssl backend implementation of x509_write_pem() to
no longer throw fatal errors.
The callers of this function are already fixed in the commit that does
the same for create_temp_file().
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <1514933571-4592-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16136.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -549,7 +549,7 @@ verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, stru |
549 | 549 |
if (!tmp_dir |
550 | 550 |
|| !(peercert_filename = create_temp_file(tmp_dir, "pcf", gc))) |
551 | 551 |
{ |
552 |
- msg (M_WARN, "Failed to create peer cert file"); |
|
552 |
+ msg(M_NONFATAL, "Failed to create peer cert file"); |
|
553 | 553 |
return NULL; |
554 | 554 |
} |
555 | 555 |
|
... | ... |
@@ -557,13 +557,16 @@ verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, stru |
557 | 557 |
peercert_file = fopen(peercert_filename, "w+"); |
558 | 558 |
if (!peercert_file) |
559 | 559 |
{ |
560 |
- msg(M_ERR, "Failed to open temporary file : %s", peercert_filename); |
|
560 |
+ msg(M_NONFATAL|M_ERRNO, "Failed to open temporary file: %s", |
|
561 |
+ peercert_filename); |
|
561 | 562 |
return NULL; |
562 | 563 |
} |
563 | 564 |
|
564 | 565 |
if (SUCCESS != x509_write_pem(peercert_file, peercert)) |
565 | 566 |
{ |
566 |
- msg(M_ERR, "Error writing PEM file containing certificate"); |
|
567 |
+ msg(M_NONFATAL, "Error writing PEM file containing certificate"); |
|
568 |
+ (void) platform_unlink(peercert_filename); |
|
569 |
+ peercert_filename = NULL; |
|
567 | 570 |
} |
568 | 571 |
|
569 | 572 |
fclose(peercert_file); |
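Review bot: In the new x509_write_pem() failure branch, `platform_unlink(peercert_filename)` runs while `peercert_file` is still open and its result is discarded, so on a platform that refuses to delete an open file the partial certificate would stay in tmp_dir after every failed connect. The `fclose(peercert_file)` that follows is also unchecked, although that is where buffered PEM data is flushed; a failed flush would leave a truncated file whose name is presumably still returned to the caller (the return statement is outside the hunk). Closing before unlinking and treating a failed close as a write failure covers both, as sketched below. The fopen() failure branch earlier in the hunk likewise returns without removing the file that create_temp_file() presumably created.

```c
    /* … unchanged: temp file creation and fopen() check … */
    if (SUCCESS != x509_write_pem(peercert_file, peercert))
    {
        msg(M_NONFATAL, "Error writing PEM file containing certificate");
        /* Close first so the handle cannot block the unlink. */
        fclose(peercert_file);
        (void) platform_unlink(peercert_filename);
        return NULL;
    }

    /* Buffered data is flushed here; a failure means the file may be truncated. */
    if (fclose(peercert_file) != 0)
    {
        msg(M_NONFATAL|M_ERRNO, "Failed to close temporary file: %s",
            peercert_filename);
        (void) platform_unlink(peercert_filename);
        return NULL;
    }
    /* … unchanged: return of peercert_filename (outside the hunk) … */
```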
... | ... |
@@ -767,7 +767,7 @@ x509_write_pem(FILE *peercert_file, X509 *peercert) |
767 | 767 |
{ |
768 | 768 |
if (PEM_write_X509(peercert_file, peercert) < 0) |
769 | 769 |
{ |
770 |
- msg(M_ERR, "Failed to write peer certificate in PEM format"); |
|
770 |
+ msg(M_NONFATAL, "Failed to write peer certificate in PEM format"); |
|
771 | 771 |
return FAILURE; |
772 | 772 |
} |
773 | 773 |
return SUCCESS; |
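Review bot: The unchanged condition `PEM_write_X509(peercert_file, peercert) < 0` cannot detect a failed write, because OpenSSL's PEM write routines return 1 on success and 0 on failure, so the new non-fatal branch is effectively unreachable and the function reports SUCCESS for a file that was not written. That matters more now that the caller relies on this return value to unlink the file and return NULL instead of aborting: an empty or partial certificate file could be handed on to whatever consumes it. The check should be `if (PEM_write_X509(peercert_file, peercert) != 1)`. The function's opening lines and closing brace lie outside the hunk.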