While hacking on the NSS patch I realized that sslinfo was passing the ->ssl Port member directly to OpenSSL in order to extract information regarding the connection. This breaks the API provided by the backend, as well as duplicates code for no real benefit. The attached 0001 patch rewrites sslinfo to use the be_tls_* API where possible to reduce duplication and keep the codebase TLS dependency (mostly) tucked away behind a nice API. 0001 also contains a small sslinfo doc update to cover that TLSv1.3 is a supported protocol.
0002 ports OpenSSL error handling introduced in d94c36a45ab which was performed for sslinfo but not the backend. I agree with the commit message that the risk is small (but not non-existing), but if the checks were important enough for sslinfo I'd argue they make sense for the backend too.

This patchset was pulled from the NSS patch, but it is entirely independent from NSS.

cheers ./daniel
0002-Improve-error-handling-in-backend-OpenSSL-implementa.patch
0001-Use-be_tls_-API-for-SSL-information-in-sslinfo.patch