From 908ad64d846502e8eecb887bb8509071b1c3ae38 Mon Sep 17 00:00:00 2001 From: Henrik Andersson Date: Fri, 12 May 2017 13:15:45 +0200 Subject: [PATCH] Add additional logging for SSL errors This was added to provide more information when things fails as in issue #118. --- ssl.c | 24 ++++++++++++++++++++++++ ssl.h | 4 +++- tcp.c | 5 +++-- 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/ssl.c b/ssl.c index 1e887ed..73002bc 100644 --- a/ssl.c +++ b/ssl.c @@ -22,6 +22,24 @@ #include "rdesktop.h" #include "ssl.h" +/* Helper function to log internal SSL errors using logger */ +void +rdssl_log_ssl_errors(const char *prefix) +{ + unsigned long err; + while (1) + { + err = ERR_get_error(); + if (err == 0) + break; + + logger(Protocol, Error, + "%s, 0x%.8x:%s:%s: %s", + prefix, err, ERR_lib_error_string(err), + ERR_func_error_string(err), ERR_reason_error_string(err)); + } +} + void rdssl_sha1_init(RDSSL_SHA1 * sha1) { @@ -157,6 +175,8 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) { logger(Protocol, Error, "rdssl_cert_to_key(), failed to get public key from certificate"); + rdssl_log_ssl_errors("rdssl_cert_to_key()"); + return NULL; } @@ -165,6 +185,8 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) { logger(Protocol, Error, "rdssl_cert_to_key(), failed to get algorithm used for public key"); + rdssl_log_ssl_errors("rdssl_cert_to_key()"); + return NULL; } @@ -181,6 +203,8 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) { logger(Protocol, Error, "rdssl_cert_to_rkey(), failed to extract public key from certificate"); + rdssl_log_ssl_errors("rdssl_cert_to_key()"); + return NULL; } diff --git a/ssl.h b/ssl.h index cf6471e..b5d27fa 100644 --- a/ssl.h +++ b/ssl.h 
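Review bot: In rdssl_log_ssl_errors() the conversion `0x%.8x` is given `err`, which is declared `unsigned long`, so specifier and argument do not match wherever long is wider than int. It should be `0x%.8lx`, assuming logger() takes printf-style formats as its other calls in this patch suggest. The three `%s` arguments come straight from ERR_lib_error_string(), ERR_func_error_string() and ERR_reason_error_string(), each of which can return NULL for a code it does not know, and ERR_func_error_string() is deprecated in OpenSSL 3.0. Formatting each code with ERR_error_string_n() into a local buffer avoids both problems and keeps the loop that drains the queue, as sketched below.

```c
void
rdssl_log_ssl_errors(const char *prefix)
{
	unsigned long err;
	char buf[256];

	/* ERR_get_error() removes each entry it returns, so this loop drains the queue */
	while ((err = ERR_get_error()) != 0)
	{
		/* output is always NUL-terminated; unknown codes are rendered numerically */
		ERR_error_string_n(err, buf, sizeof(buf));
		logger(Protocol, Error, "%s, %s", prefix, buf);
	}
}
```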
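Review bot: The prefix in `rdssl_log_ssl_errors("rdssl_cert_to_key()")` does not match the enclosing function, which the hunk headers name as rdssl_cert_to_rkey(). The same string is passed in the two following hunks of ssl.c. Anyone searching the logs for the function that rejected a certificate will not find it under this name, so I would pass `"rdssl_cert_to_rkey()"` in all three calls. The first two existing logger() messages in these hunks carry the same spelling and could be corrected alongside. The function body starts and ends outside these hunks.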
@@ -3,6 +3,7 @@ Secure sockets abstraction layer Copyright (C) Matthew Chapman 1999-2008 Copyright (C) Jay Sorg 2006-2008 + Copyright 2017 Henrik Andersson for Cendio AB This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,6 +25,7 @@ #include #include #include +#include #include #include #include @@ -63,5 +65,5 @@ RD_BOOL rdssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 m void rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md); - +void rdssl_log_ssl_errors(const char *prefix); #endif diff --git a/tcp.c b/tcp.c index 9f2b387..7986e69 100644 --- a/tcp.c +++ b/tcp.c @@ -35,6 +35,7 @@ #include #include "rdesktop.h" +#include "ssl.h" #ifdef _WIN32 #define socklen_t int @@ -248,7 +249,7 @@ tcp_recv(STREAM s, uint32 length) return NULL; } - ERR_print_errors_fp(stdout); + rdssl_log_ssl_errors("tcp_recv()"); g_network_error = True; return NULL; } @@ -356,7 +357,7 @@ tcp_tls_connect(void) if (err < 0) { - ERR_print_errors_fp(stdout); + rdssl_log_ssl_errors("tcp_tls_connect()"); goto fail; }
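Review bot: The new declaration `void rdssl_log_ssl_errors(const char *prefix);` has no comment, and its name hides the one thing a caller must know. The helper consumes the OpenSSL error queue through ERR_get_error(), so it has to run immediately after the failing call, and no later code can read those errors. I would add `/* Log and clear all pending OpenSSL errors of the calling thread; call right after the failing SSL call */` above it. The hunk also drops the blank line before `#endif`, which looks unintentional.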
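Review bot: In tcp_recv() and again in the `if (err < 0)` branch of tcp_tls_connect(), the failure path now reports only what is in the OpenSSL error queue. That queue can be empty when the failure is at socket level, in which case the helper logs nothing before `g_network_error = True` or `goto fail`. If `err` is the return value of the TLS call (the assignment is outside the hunk), logging its SSL_get_error() classification first would make such failures diagnosable, for example `logger(Protocol, Error, "tcp_tls_connect(), SSL error %d", SSL_get_error(ssl, err));`, where `ssl` stands for the connection object, which is not visible here. Whether the code after `fail:` logs anything further is outside the hunk, and both function bodies start and end outside their hunks.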