[or-cvs] Fix TLS error logging

Nick Mathewson nickm at seul.org
Mon Sep 15 18:37:51 UTC 2003


Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv28947/common

Modified Files:
	tortls.c 
Log Message:
Fix TLS error logging

Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- tortls.c	15 Sep 2003 18:18:37 -0000	1.10
+++ tortls.c	15 Sep 2003 18:37:49 -0000	1.11
@@ -44,20 +44,22 @@
 /* These functions are declared in crypto.c but not exported. */
 EVP_PKEY *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env);
 crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);
-char *crypto_perror(); 
 
 static void
-tls_log_error(int severity, char *doing)
+tls_log_error(int severity, const char *doing, int err)
 {
+  const char *msg = (const char*)ERR_reason_error_string(err);
+  if (!err) msg = "(null)";
   if (doing) {
-    log(severity, "TLS error while %s: %s", doing, crypto_perror());
+    log(severity, "TLS error while %s: %s", doing, msg);
   } else {
-    log(severity, "TLS error: %s",crypto_perror());
+    log(severity, "TLS error: %s", msg);
   }
 }
 
 static int
-tor_tls_get_error(tor_tls *tls, int r, int extra)
+tor_tls_get_error(tor_tls *tls, int r, int extra, 
+		  const char *doing, int severity)
 {
   int err = SSL_get_error(tls->ssl, r);
   switch (err) {
@@ -68,10 +70,15 @@
     case SSL_ERROR_WANT_WRITE:
       return TOR_TLS_WANTWRITE;
     case SSL_ERROR_SYSCALL:
+      /* This is oververbose XXX */
+      tls_log_error(severity, doing, err);
       return extra ? _TOR_TLS_SYSCALL : TOR_TLS_ERROR;
     case SSL_ERROR_ZERO_RETURN:
+      /* This is oververbose XXX */
+      tls_log_error(severity, doing, err);
       return extra ? _TOR_TLS_ZERORETURN : TOR_TLS_ERROR;
     default:
+      tls_log_error(severity, doing, err);
       return TOR_TLS_ERROR;
   }
 }
@@ -80,6 +87,7 @@
 tor_tls_init() {
   if (!tls_library_is_initialized) {
     SSL_library_init();
+    crypto_global_init();
     tls_library_is_initialized = 1;
   }
 }
@@ -289,16 +297,15 @@
   r = SSL_read(tls->ssl, cp, len);
   if (r > 0)
     return r;
-  err = tor_tls_get_error(tls, r, 1);
+  err = tor_tls_get_error(tls, r, 1, "reading", LOG_ERR);
   if (err == _TOR_TLS_SYSCALL) {
-    tls_log_error(LOG_ERR, "reading");
+    log(LOG_ERR, "TLS error while reading: syscall error");
     return TOR_TLS_ERROR;
   } else if (err == _TOR_TLS_ZERORETURN) {
     tls->state = TOR_TLS_ST_CLOSED;
     return TOR_TLS_CLOSE;
   } else {
     assert(err != TOR_TLS_DONE);
-    tls_log_error(LOG_ERR, "reading");
     return err;
   }
 }
@@ -317,13 +324,11 @@
   if (n == 0)
     return 0;
   r = SSL_write(tls->ssl, cp, n);
-  err = tor_tls_get_error(tls, r, 1);
+  err = tor_tls_get_error(tls, r, 1, "writing", LOG_ERR);
   assert(err != _TOR_TLS_ZERORETURN);
   if (err == TOR_TLS_DONE) {
     return r;
   } else {
-    if (err != TOR_TLS_WANTREAD && err != TOR_TLS_WANTWRITE) 
-      tls_log_error(LOG_ERR, "writing");
     return err;
   }  
 }
@@ -343,11 +348,9 @@
   } else {
     r = SSL_connect(tls->ssl);
   }
-  r = tor_tls_get_error(tls,r,0);
+  r = tor_tls_get_error(tls,r,0, "handshaking", LOG_ERR);
   if (r == TOR_TLS_DONE) {
     tls->state = TOR_TLS_ST_OPEN; 
-  } else if (r != TOR_TLS_WANTREAD && r != TOR_TLS_WANTWRITE) {
-    tls_log_error(LOG_ERR, "handshaking");
   }
   return r;
 }
@@ -371,15 +374,13 @@
       do {
 	r = SSL_read(tls->ssl, buf, 128);
       } while (r>0);
-      err = tor_tls_get_error(tls, r, 1);
+      err = tor_tls_get_error(tls, r, 1, "reading to shut down", LOG_ERR);
       if (err == _TOR_TLS_ZERORETURN) {
 	tls->state = TOR_TLS_ST_GOTCLOSE;
 	/* fall through... */
       } else {
 	if (err == _TOR_TLS_SYSCALL)
 	  err = TOR_TLS_ERROR;
-	if (err != TOR_TLS_WANTREAD && err != TOR_TLS_WANTWRITE) 
-	  tls_log_error(LOG_ERR, "shutting down");
 	return err;
       }
     }
@@ -390,7 +391,7 @@
       tls->state = TOR_TLS_ST_CLOSED;
       return TOR_TLS_DONE;
     }
-    err = tor_tls_get_error(tls, r, 1);
+    err = tor_tls_get_error(tls, r, 1, "shutting down", LOG_ERR);
     if (err == _TOR_TLS_SYSCALL) {
       /* The underlying TCP connection closed while we were shutting down. */
       tls->state = TOR_TLS_ST_CLOSED; 
@@ -410,8 +411,6 @@
       tls->state = TOR_TLS_ST_SENTCLOSE;
       /* fall through ... */
     } else {
-      if (err != TOR_TLS_WANTREAD && err != TOR_TLS_WANTWRITE) 
-	tls_log_error(LOG_ERR, "shutting down");
       return err;
     }
   } /* end loop */



More information about the tor-commits mailing list