diff options
| -rw-r--r-- | changes/29241_diagnostic | 4 | ||||
| -rw-r--r-- | src/lib/tls/tortls_nss.c | 8 |
2 files changed, 12 insertions, 0 deletions
diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic new file mode 100644 index 0000000000..1e38654957 --- /dev/null +++ b/changes/29241_diagnostic @@ -0,0 +1,4 @@ + o Minor features (NSS, diagnostic): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 00c4af0e97..4e107fae7b 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -726,10 +726,18 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out, tor_assert(context_len <= UINT_MAX); SECStatus s; + /* Make sure that the error code is set here, so that we can be sure that + * any error code set after a failure was in fact caused by + * SSL_ExportKeyingMaterial. */ + PR_SetError(PR_UNKNOWN_ERROR, 0); s = SSL_ExportKeyingMaterial(tls->ssl, label, (unsigned)strlen(label), PR_TRUE, context, (unsigned)context_len, secrets_out, DIGEST256_LEN); + if (s != SECSuccess) { + tls_log_errors(tls, LOG_WARN, LD_CRYPTO, + "exporting key material for a TLS handshake"); + } return (s == SECSuccess) ? 0 : -1; } |