Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
if (path == NULL) {
int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
{
if (path == NULL) {
- if (SSL_CTX_set_default_ctlog_list_file(ctx) <= 0) {
- BIO_puts(bio_err, "Failed to load default Certificate Transparency "
- "log list\n");
- }
- return 1; /* Do not treat failure to load the default as an error */
+ return SSL_CTX_set_default_ctlog_list_file(ctx);
}
return SSL_CTX_set_ctlog_list_file(ctx, path);
}
return SSL_CTX_set_ctlog_list_file(ctx, path);
}
if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
}
if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
- ERR_print_errors(bio_err);
- goto end;
+ if (ct_validation != NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /*
+ * If CT validation is not enabled, the log list isn't needed so don't
+ * show errors or abort. We try to load it regardless because then we
+ * can show the names of the logs any SCTs came from (SCTs may be seen
+ * even with validation disabled).
+ */
+ ERR_clear_error();
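Review bot: The new `if (ct_validation != NULL)` guard silences every load failure when validation is off, including a parse or permission error on a log list the user supplied explicitly (ctlog_file appears to be the `-ctlogfile` option value; confirm), so a broken `-ctlogfile` without `-ct` goes completely unreported and the user does not learn that SCT log names will be missing. Failing to load the built-in default is reasonably best-effort, but an explicitly named file that cannot be loaded should still be reported; changing the guard to `if (ct_validation != NULL || ctlog_file != NULL) {` keeps the silent path for the default-file case only. If that is too strict, at least emit a one-line warning on bio_err before `ERR_clear_error()` so the condition is visible. The enclosing `if (!ctx_set_ctlog_list_file(...))` block and the function around it continue outside the hunk.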
These functions will not clear the existing CT log list - it will be appended
to.
These functions will not clear the existing CT log list - it will be appended
to.
-SSL_CTX_set_default_ctlog_list_file() will not report errors if it fails for
-any reason. Use SSL_CTX_set_ctlog_list_file() if you want errors to be reported.
-
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
If an error occurs whilst parsing a particular log entry in the file, that log
entry will be skipped.
int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
{
int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
{
- int ret = CTLOG_STORE_load_default_file(ctx->ctlog_store);
-
- /* Clear any errors if the default file does not exist */
- ERR_clear_error();
- return ret;
+ return CTLOG_STORE_load_default_file(ctx->ctlog_store);
}
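Review bot: Dropping the `ERR_clear_error()` from SSL_CTX_set_default_ctlog_list_file changes observable library behaviour for every existing caller, not just the apps: code that called it unconditionally and ignored the result (the pattern the old apps code used) will now leave entries on the error queue that surface in a later, unrelated `ERR_get_error()` check. That deserves a CHANGES entry and a comment at the top of the function such as `/* Errors (including a missing default file) are left on the error queue for the caller. */`, since the pod change in this commit removes the old "will not report errors" paragraph without stating the new contract. The exact return value on failure is not visible here; the replacement documentation should state it explicitly rather than leaving callers to guess between `<= 0` and `!ret` checks, both of which appear in this commit.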
int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
}
int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)