While hacking on the NSS patch I realized that sslinfo was passing the ->ssl
Port member directly to OpenSSL in order to extract information regarding the
connection. This breaks the API provided by the backend, as well as duplicates
code for no real benefit. The attached 0001 patch rewrites sslinfo to use the
be_tls_* API where possible to reduce duplication and keep the codebase TLS
dependency (mostly) tucked away behind a nice API. 0001 also contains a small
sslinfo doc update to cover that TLSv1.3 is a supported protocol.
0002 ports OpenSSL errorhandling introduced in d94c36a45ab which was performed
for sslinfo but not the backend. I agree with the commit message that the risk
is small (but not non-existing), but if the checks were important enough for
sslinfo I'd argue they make sense for the backend too.
This patchset was pulled from the NSS patch, but it is entirely independent
from NSS.
cheers ./daniel