don't use ERR_print_string_fp; print directly to notify

panda/src/downloader/Sources.pp

@@ -33,6 +33,7 @@
     multiplexStreamBuf.I multiplexStreamBuf.h \
     patcher.h patcher.I \
     socketStream.h socketStream.I \
+    ssl_utils.h \
     urlSpec.I urlSpec.h
     
   #define INCLUDED_SOURCES                 \
@@ -59,6 +60,7 @@
     multiplexStream.cxx multiplexStreamBuf.cxx \
     patcher.cxx \
     socketStream.cxx \
+    ssl_utils.cxx \
     urlSpec.cxx
 
   #define INSTALL_HEADERS \
@@ -85,6 +87,7 @@
     multiplexStreamBuf.I multiplexStreamBuf.h \
     patcher.h patcher.I \
     socketStream.h socketStream.I \
+    ssl_utils.h \
     urlSpec.h urlSpec.I
     
   #define IGATESCAN all

panda/src/downloader/bioStreamBuf.cxx

@@ -18,13 +18,10 @@
 
 #include "bioStreamBuf.h"
 #include "config_downloader.h"
+#include "ssl_utils.h"
 
 #ifdef HAVE_SSL
 
-#ifdef REPORT_OPENSSL_ERRORS
-#include <openssl/err.h>
-#endif
-
 #ifndef HAVE_STREAMSIZE
 // Some compilers (notably SGI) don't define this for us
 typedef int streamsize;
@@ -166,9 +163,7 @@ underflow() {
             << "Lost connection to "
             << _source->get_server_name() << ":" 
             << _source->get_port() << " (" << read_count << ").\n";
-#ifdef REPORT_OPENSSL_ERRORS
-          ERR_print_errors_fp(stderr);
-#endif
+          notify_ssl_errors();
         }
         gbump(num_bytes);
         return EOF;

panda/src/downloader/downloader_composite2.cxx

@@ -12,4 +12,5 @@
 #include "multiplexStreamBuf.cxx"
 #include "patcher.cxx"
 #include "socketStream.cxx"
+#include "ssl_utils.cxx"
 #include "urlSpec.cxx"

panda/src/downloader/httpChannel.cxx

@@ -19,6 +19,7 @@
 #include "httpChannel.h"
 #include "httpClient.h"
 #include "bioStream.h"
+#include "ssl_utils.h"
 #include "chunkedStream.h"
 #include "identityStream.h"
 #include "config_downloader.h"
@@ -27,9 +28,6 @@
 
 #ifdef HAVE_SSL
 #include <openssl/x509.h>
-#ifdef REPORT_OPENSSL_ERRORS
-#include <openssl/err.h>
-#endif
 
 #ifdef WIN32_VC
   #include <windows.h>  // for select()
@@ -852,9 +850,7 @@ run_connecting() {
     downloader_cat.info()
       << "Could not connect to " << _bio->get_server_name() << ":" 
       << _bio->get_port() << "\n";
-#ifdef REPORT_OPENSSL_ERRORS
-    ERR_print_errors_fp(stderr);
-#endif
+    notify_ssl_errors();
     _status_entry._status_code = SC_no_connection;
     _state = S_try_next_proxy;
     return false;
@@ -1328,9 +1324,7 @@ run_setup_ssl() {
   if (result == 0) {
     downloader_cat.error()
       << "Invalid cipher list: '" << cipher_list << "'\n";
-#ifdef REPORT_OPENSSL_ERRORS
-    ERR_print_errors_fp(stderr);
-#endif
+    notify_ssl_errors();
     _status_entry._status_code = SC_ssl_internal_failure;
     _state = S_failure;
     return false;
@@ -1392,9 +1386,8 @@ run_ssl_handshake() {
     downloader_cat.info()
       << "Could not establish SSL handshake with " 
       << _request.get_url().get_server_and_port() << "\n";
-#ifdef REPORT_OPENSSL_ERRORS
-    ERR_print_errors_fp(stderr);
-#endif
+    notify_ssl_errors();
+
     // It seems to be an error to free sbio at this point; perhaps
     // it's already been freed?
     _status_entry._status_code = SC_ssl_no_handshake;

panda/src/downloader/httpClient.cxx

@@ -19,6 +19,7 @@
 #include "httpClient.h"
 #include "httpChannel.h"
 #include "config_downloader.h"
+#include "ssl_utils.h"
 #include "filename.h"
 #include "config_express.h"
 #include "virtualFileSystem.h"
@@ -769,9 +770,7 @@ load_certificates(const Filename &filename) {
   if (result <= 0) {
     downloader_cat.info()
       << "Could not load certificates from " << filename << ".\n";
-#ifdef REPORT_OPENSSL_ERRORS
-    ERR_print_errors_fp(stderr);
-#endif
+    notify_ssl_errors();
     return false;
   }
 
@@ -1236,10 +1235,6 @@ unload_client_certificate() {
 ////////////////////////////////////////////////////////////////////
 void HTTPClient::
 initialize_ssl() {
-#ifdef REPORT_OPENSSL_ERRORS
-  ERR_load_crypto_strings();
-  ERR_load_SSL_strings();
-#endif
   OpenSSL_add_all_algorithms();
 
   // Call RAND_status() here to force the random number generator to
@@ -1293,9 +1288,7 @@ load_verify_locations(SSL_CTX *ctx, const Filename &ca_file) {
     // Could not scan certificates.
     downloader_cat.info()
       << "PEM_X509_INFO_read_bio() returned NULL.\n";
-#ifdef REPORT_OPENSSL_ERRORS
-    ERR_print_errors_fp(stderr);
-#endif
+    notify_ssl_errors();
     return 0;
   }
   

panda/src/downloader/ssl_utils.cxx

@@ -0,0 +1,56 @@
+// Filename: ssl_utils.cxx
+// Created by:  drose (15Dec03)
+//
+////////////////////////////////////////////////////////////////////
+//
+// PANDA 3D SOFTWARE
+// Copyright (c) 2001, Disney Enterprises, Inc.  All rights reserved
+//
+// All use of this software is subject to the terms of the Panda 3d
+// Software license.  You should have received a copy of this license
+// along with this source code; you will also find a current copy of
+// the license at http://www.panda3d.org/license.txt .
+//
+// To contact the maintainers of this program write to
+// [email protected] .
+//
+////////////////////////////////////////////////////////////////////
+
+#include "ssl_utils.h"
+#include "config_downloader.h"
+
+#ifdef HAVE_SSL
+
+#ifdef REPORT_OPENSSL_ERRORS
+#include <openssl/err.h>
+#endif
+
+////////////////////////////////////////////////////////////////////
+//     Function: notify_ssl_errors
+//  Description: A convenience function that is itself a wrapper
+//               around the OpenSSL convenience function to output the
+//               recent OpenSSL errors.  This function sends the error
+//               string to downloader_cat.warning().  If
+//               REPORT_OPENSSL_ERRORS is not defined, the function
+//               does nothing.
+////////////////////////////////////////////////////////////////////
+void notify_ssl_errors() {
+#ifdef REPORT_OPENSSL_ERRORS
+  static bool strings_loaded = false;
+  if (!strings_loaded) {
+    SSL_load_error_strings();
+    strings_loaded = true;
+  }
+
+  unsigned long e = ERR_get_error();
+  while (e != 0) {
+    static const size_t buffer_len = 256;
+    char buffer[buffer_len];
+    ERR_error_string_n(e, buffer, buffer_len);
+    downloader_cat.warning() << buffer << "\n";
+    e = ERR_get_error();
+  }
+#endif  //  REPORT_OPENSSL_ERRORS
+}
+
+#endif  // HAVE_SSL

panda/src/downloader/ssl_utils.h

@@ -0,0 +1,35 @@
+// Filename: ssl_utils.h
+// Created by:  drose (15Dec03)
+//
+////////////////////////////////////////////////////////////////////
+//
+// PANDA 3D SOFTWARE
+// Copyright (c) 2001, Disney Enterprises, Inc.  All rights reserved
+//
+// All use of this software is subject to the terms of the Panda 3d
+// Software license.  You should have received a copy of this license
+// along with this source code; you will also find a current copy of
+// the license at http://www.panda3d.org/license.txt .
+//
+// To contact the maintainers of this program write to
+// [email protected] .
+//
+////////////////////////////////////////////////////////////////////
+
+#ifndef SSL_UTILS_H
+#define SSL_UTILS_H
+
+#include "pandabase.h"
+
+// This module is not compiled if OpenSSL is not available.
+#ifdef HAVE_SSL
+
+#include <openssl/ssl.h>
+
+EXPCL_PANDAEXPRESS void notify_ssl_errors();
+
+#endif  // HAVE_SSL
+
+#endif
+
+