# HG changeset patch # User Daniel Atallah # Date 1189093083 0 # Node ID fb3b3e93b9ca234f3b0e30b9b867d3c490fc57fa # Parent a2f5a28ba983fed8809b780c5f70851b4728506b Attempt to display user readable error messages for NSS. diff -r a2f5a28ba983 -r fb3b3e93b9ca libpurple/plugins/ssl/ssl-nss.c --- a/libpurple/plugins/ssl/ssl-nss.c Thu Sep 06 07:59:55 2007 +0000 +++ b/libpurple/plugins/ssl/ssl-nss.c Thu Sep 06 15:38:03 2007 +0000 @@ -107,6 +107,20 @@ } } +static gchar *get_error_text() +{ + PRInt32 len = PR_GetErrorTextLength(); + gchar *ret = NULL; + + if (len > 0) { + ret = g_malloc(len + 1); + len = PR_GetErrorText(ret); + ret[len] = '\0'; + } + + return ret; +} + static void ssl_nss_init_nss(void) { @@ -220,11 +234,14 @@ * It seems to work because it'll eventually use the cached value */ if(SSL_ForceHandshake(nss_data->in) != SECSuccess) { + gchar *error_txt; set_errno(PR_GetError()); if (errno == EAGAIN || errno == EWOULDBLOCK) return; - purple_debug_error("nss", "Handshake failed %d\n", PR_GetError()); + error_txt = get_error_text(); + purple_debug_error("nss", "Handshake failed %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); + g_free(error_txt); if (gsc->error_cb != NULL) gsc->error_cb(gsc, PURPLE_SSL_HANDSHAKE_FAILED, gsc->connect_cb_data); @@ -265,8 +282,11 @@ socket_opt.option = PR_SockOpt_Nonblocking; socket_opt.value.non_blocking = PR_TRUE; - if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) - purple_debug_warning("nss", "unable to set socket into non-blocking mode: %d\n", PR_GetError()); + if (PR_SetSocketOption(nss_data->fd, &socket_opt) != PR_SUCCESS) { + gchar *error_txt = get_error_text(); + purple_debug_warning("nss", "unable to set socket into non-blocking mode: %s (%d)\n", error_txt ? error_txt : "", PR_GetError()); + g_free(error_txt); + } nss_data->in = SSL_ImportFD(NULL, nss_data->fd); @@ -365,10 +385,12 @@ ssl_nss_peer_certs(PurpleSslConnection *gsc) { PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc); + CERTCertificate *cert; +/* GList *chain = NULL; - CERTCertificate *cert; void *pinArg; SECStatus status; +*/ /* TODO: this is a blind guess */ cert = SSL_PeerCertificate(nss_data->fd); @@ -487,6 +509,7 @@ g_free(crt); } +#if 0 /** Determines whether one certificate has been issued and signed by another * * @param crt Certificate to check the signature of @@ -501,6 +524,7 @@ { return FALSE; } +#endif static GByteArray * x509_sha1sum(PurpleCertificate *crt)