[crypto,tls] log BIO_do_handshake errors

add proper logging to make details of failures auditable
2024-05-23 11:02:34 +02:00 · 2024-05-23 11:02:34 +02:00 · ef86df9a26
commit ef86df9a26
parent 1b3f3a0408
1 changed files with 11 additions and 0 deletions
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@ -898,6 +898,12 @@ TlsHandshakeResult freerdp_tls_connect_ex(rdpTls* tls, BIO* underlying, const SS
 	return freerdp_tls_handshake(tls);
 }

+static int bio_err_print(const char* str, size_t len, void* u)
+{
+	wLog* log = u;
+	WLog_Print(log, WLOG_ERROR, "[BIO_do_handshake] %s [%" PRIuz "]", str, len);
+}
+
 TlsHandshakeResult freerdp_tls_handshake(rdpTls* tls)
 {
 	TlsHandshakeResult ret = TLS_HANDSHAKE_ERROR;
@ -907,7 +913,12 @@ TlsHandshakeResult freerdp_tls_handshake(rdpTls* tls)
 	if (status != 1)
 	{
 		if (!BIO_should_retry(tls->bio))
+		{
+			wLog* log = WLog_Get(TAG);
+			WLog_Print(log, WLOG_ERROR, "BIO_do_handshake failed");
+			ERR_print_errors_cb(bio_err_print, log);
 			return TLS_HANDSHAKE_ERROR;
+		}

 		return TLS_HANDSHAKE_CONTINUE;
 	}