Merge pull request #631 from mollyim/boringssl-compat

Replace OpenSSL's ERR_PACK with ERR_GET_REASON
2025-05-12 21:30:35 +01:00 · 2022-02-18 09:37:34 +01:00 · 2022-02-18 09:37:34 +01:00 · fbbb42c9d4
commit fbbb42c9d4
parent a746d9693a 78aee89201
1 changed files with 10 additions and 11 deletions
--- a/util/netevent.c
+++ b/util/netevent.c
@ -1209,23 +1209,22 @@ squelch_err_ssl_handshake(unsigned long err)
 {
 	if(verbosity >= VERB_QUERY)
 		return 0; /* only squelch on low verbosity */
-	/* this is very specific, we could filter on ERR_GET_REASON()
-	 * (the third element in ERR_PACK) */
-	if(err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTPS_PROXY_REQUEST) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_HTTP_REQUEST) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER) ||
-		err == ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE)
+	if(ERR_GET_LIB(err) == ERR_LIB_SSL &&
+		(ERR_GET_REASON(err) == SSL_R_HTTPS_PROXY_REQUEST ||
+		 ERR_GET_REASON(err) == SSL_R_HTTP_REQUEST ||
+		 ERR_GET_REASON(err) == SSL_R_WRONG_VERSION_NUMBER ||
+		 ERR_GET_REASON(err) == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
 #ifdef SSL_F_TLS_POST_PROCESS_CLIENT_HELLO
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER)
+		 || ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER
 #endif
 #ifdef SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL)
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL)
+		 || ERR_GET_REASON(err) == SSL_R_UNKNOWN_PROTOCOL
+		 || ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL
 #  ifdef SSL_R_VERSION_TOO_LOW
-		|| err == ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_R_VERSION_TOO_LOW)
+		 || ERR_GET_REASON(err) == SSL_R_VERSION_TOO_LOW
 #  endif
 #endif
-		)
+		))
 		return 1;
 	return 0;
 }