OCSP stapling: log error data in ngx_ssl_error().

It's hard to debug OCSP_basic_verify() failures without the actual error
string it records in the error data field.
This commit is contained in:
Maxim Dounin 2012-10-01 12:50:36 +00:00
parent a8c15d74c1
commit f97f662247

View file

@ -1590,10 +1590,12 @@ ngx_ssl_clear_error(ngx_log_t *log)
void ngx_cdecl
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{
u_long n;
va_list args;
u_char *p, *last;
u_char errstr[NGX_MAX_CONF_ERRSTR];
int flags;
u_long n;
va_list args;
u_char *p, *last;
u_char errstr[NGX_MAX_CONF_ERRSTR];
const char *data;
last = errstr + NGX_MAX_CONF_ERRSTR;
@ -1605,14 +1607,14 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
for ( ;; ) {
n = ERR_get_error();
n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
if (n == 0) {
break;
}
if (p >= last) {
continue;
goto next;
}
*p++ = ' ';
@ -1622,6 +1624,15 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
while (p < last && *p) {
p++;
}
if (p < last && *data && (flags & ERR_TXT_STRING)) {
*p++ = ':';
p = ngx_cpystrn(p, (u_char *) data, last - p);
}
next:
(void) ERR_get_error();
}
ngx_log_error(level, log, err, "%s)", errstr);