[GNUnet-SVN] [gnurl] 106/205: openssl: fall back on SSL_ERROR

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 106/205: openssl: fall back on SSL_ERROR_* string w

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 106/205: openssl: fall back on SSL_ERROR_* string when no error detail
Date:	Thu, 20 Apr 2017 16:20:46 +0200

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to annotated tag gnurl-7.54.0
in repository gnurl.

commit b999d35c71904d72bd38b432cb9cc57898d32cbc
Author: Jay Satiro <address@hidden>
AuthorDate: Wed Mar 22 14:39:41 2017 -0400

    openssl: fall back on SSL_ERROR_* string when no error detail
    
    - If SSL_get_error is called but no extended error detail is available
      then show that SSL_ERROR_* as a string.
    
    Prior to this change there was some inconsistency in that case: the
    SSL_ERROR_* code may or may not have been shown, or may have been shown
    as unknown even if it was known.
    
    Ref: https://github.com/curl/curl/issues/1300
    
    Closes https://github.com/curl/curl/pull/1348
---
 lib/vtls/openssl.c | 41 +++++++++++++++++++++++++++++++++--------
 1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f17cf0ba8..25026ab25 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -156,10 +156,30 @@ static unsigned long OpenSSL_version_num(void)
  * Number of bytes to read from the random number seed file. This must be
  * a finite value (because some entropy "files" like /dev/urandom have
  * an infinite length), but must be large enough to provide enough
- * entopy to properly seed OpenSSL's PRNG.
+ * entropy to properly seed OpenSSL's PRNG.
  */
 #define RAND_LOAD_LENGTH 1024
 
+static const char *SSL_ERROR_to_str(int err)
+{
+  const char *str[] = {
+    "SSL_ERROR_NONE",               /* 0 */
+    "SSL_ERROR_SSL",                /* 1 */
+    "SSL_ERROR_WANT_READ",          /* 2 */
+    "SSL_ERROR_WANT_WRITE",         /* 3 */
+    "SSL_ERROR_WANT_X509_LOOKUP",   /* 4 */
+    "SSL_ERROR_SYSCALL",            /* 5 */
+    "SSL_ERROR_ZERO_RETURN",        /* 6 */
+    "SSL_ERROR_WANT_CONNECT",       /* 7 */
+    "SSL_ERROR_WANT_ACCEPT",        /* 8 */
+    "SSL_ERROR_WANT_ASYNC",         /* 9 */
+    "SSL_ERROR_WANT_ASYNC_JOB",     /* 10 */
+    "SSL_ERROR_WANT_EARLY",         /* 11 */
+  };
+  return ((err >= 0 && err < sizeof str / sizeof str[0]) ?
+          str[err] : "SSL_ERROR unknown");
+}
+
 static int passwd_callback(char *buf, int num, int encrypting,
                            void *global_passwd)
 {
@@ -980,8 +1000,10 @@ int Curl_ossl_shutdown(struct connectdata *conn, int 
sockindex)
         default:
           /* openssl/ssl.h says "look at error stack/return value/errno" */
           sslerror = ERR_get_error();
-          failf(conn->data, OSSL_PACKAGE " SSL read: %s, errno %d",
-                ossl_strerror(sslerror, buf, sizeof(buf)),
+          failf(conn->data, OSSL_PACKAGE " SSL_read on shutdown: %s, errno %d",
+                (sslerror ?
+                 ossl_strerror(sslerror, buf, sizeof(buf)) :
+                 SSL_ERROR_to_str(err)),
                 SOCKERRNO);
           done = 1;
           break;
@@ -2306,8 +2328,8 @@ static CURLcode ossl_connect_step2(struct connectdata 
*conn, int sockindex)
         const char * const hostname = SSL_IS_PROXY() ?
           conn->http_proxy.host.name : conn->host.name;
         const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-        failf(data, "Unknown SSL protocol error in connection to %s:%ld ",
-              hostname, port);
+        failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%ld ",
+              SSL_ERROR_to_str(detail), hostname, port);
         return result;
       }
 
@@ -3199,7 +3221,8 @@ static ssize_t ossl_send(struct connectdata *conn,
       return -1;
     }
     /* a true error */
-    failf(conn->data, "SSL_write() return error %d", err);
+    failf(conn->data, OSSL_PACKAGE " SSL_write: %s, errno %d",
+          SSL_ERROR_to_str(err), SOCKERRNO);
     *curlcode = CURLE_SEND_ERROR;
     return -1;
   }
@@ -3244,8 +3267,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* 
connection data */
       if((nread < 0) || sslerror) {
         /* If the return code was negative or there actually is an error in the
            queue */
-        failf(conn->data, "SSL read: %s, errno %d",
-              ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)),
+        failf(conn->data, OSSL_PACKAGE " SSL_read: %s, errno %d",
+              (sslerror ?
+               ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)) :
+               SSL_ERROR_to_str(err)),
               SOCKERRNO);
         *curlcode = CURLE_RECV_ERROR;
         return -1;

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 179/205: libcurl-thread.3: fixed a bad macro that caused test 1140 to fail, (continued)
- [GNUnet-SVN] [gnurl] 179/205: libcurl-thread.3: fixed a bad macro that caused test 1140 to fail, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 184/205: polarssl: unbreak build with versions < 1.3.8, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 185/205: system.h: fix mingw section, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 137/205: cmake: fix build with cmake 2.8.12.2, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 192/205: RELEASE-NOTES: synced with 1451271e0, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 134/205: curl: fix callback functions to match prototype, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 175/205: INSTALL.md: fix secure transport configure arguments, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 168/205: test1606: verify speedcheck, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 128/205: cmake: add more missing files to the dist, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 97/205: cmake: build manual pages (including curl.1), gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 106/205: openssl: fall back on SSL_ERROR_* string when no error detail, gnunet <=
- [GNUnet-SVN] [gnurl] 136/205: ssh: fix narrowing conversion warning, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 141/205: CTestConfig.cmake: removed, unused, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 139/205: docs/index.html: removed, was not shipped anyway, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 173/205: BUGS: "Bugs in old versions", gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 158/205: tests: added test for Curl_splaygetbest to unit1309, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 146/205: tests/server/util: remove in6addr_any for recent MinGW, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 165/205: nss: fix build after e60fe20fdf94e829ba5fce33f7a9d6c281149f7d, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 187/205: tests/server/util: prefer <poll.h> over <sys/poll.h>, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 153/205: RELEASE-NOTES: synced with 4f2e348f9b42c69c480, gnunet, 2017/04/20
- [GNUnet-SVN] [gnurl] 190/205: mbedtls: fix memory leak in error path, gnunet, 2017/04/20

Prev by Date: [GNUnet-SVN] [gnurl] 97/205: cmake: build manual pages (including curl.1)
Next by Date: [GNUnet-SVN] [gnurl] 136/205: ssh: fix narrowing conversion warning
Previous by thread: [GNUnet-SVN] [gnurl] 97/205: cmake: build manual pages (including curl.1)
Next by thread: [GNUnet-SVN] [gnurl] 136/205: ssh: fix narrowing conversion warning
Index(es):
- Date
- Thread