Posted to commits@trafficserver.apache.org by sh...@apache.org on 2021/04/28 20:35:40 UTC

[trafficserver] branch master updated: Propagate TLS errors (#7714)

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c186ac  Propagate TLS errors (#7714)
2c186ac is described below

commit 2c186ac8aea9b6d5cee03ce3f87ff9a5306bf5ea
Author: Susan Hinrichs <sh...@verizonmedia.com>
AuthorDate: Wed Apr 28 15:35:22 2021 -0500

    Propagate TLS errors (#7714)
---
 include/tscore/InkErrno.h       |  2 ++
 iocore/net/SSLNetVConnection.cc | 10 ++++++----
 src/tscore/InkErrno.cc          |  4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/include/tscore/InkErrno.h b/include/tscore/InkErrno.h
index 083e8a1..3b6a89d 100644
--- a/include/tscore/InkErrno.h
+++ b/include/tscore/InkErrno.h
@@ -40,6 +40,8 @@
 #define ENET_THROTTLING (NET_ERRNO + 1)
 #define ENET_CONNECT_TIMEOUT (NET_ERRNO + 2)
 #define ENET_CONNECT_FAILED (NET_ERRNO + 3)
+#define ENET_SSL_CONNECT_FAILED (NET_ERRNO + 4)
+#define ENET_SSL_FAILED (NET_ERRNO + 5)
 
 #define ESOCK_DENIED (SOCK_ERRNO + 0)
 #define ESOCK_TIMEOUT (SOCK_ERRNO + 1)
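Review bot: The two new codes are defined without a comment saying when each applies, and the names alone do not separate them clearly. Going by the call sites in this commit, `ENET_SSL_CONNECT_FAILED` is set in `sslClientHandShakeEvent`, and `ENET_SSL_FAILED` in `net_read_io` for the renegotiation abort and the SSL read error. I would add `// TLS handshake failed (sslClientHandShakeEvent)` and `// TLS failure on the read path: renegotiation abort or SSL read error` above the respective defines, so that someone reading a log can map a code to the stage that failed.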
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 425ee3d..18d0637 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -546,7 +546,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
   // If the key renegotiation failed it's over, just signal the error and finish.
   if (sslClientRenegotiationAbort == true) {
     this->read.triggered = 0;
-    readSignalError(nh, static_cast<int>(r));
+    readSignalError(nh, -ENET_SSL_FAILED);
     Debug("ssl", "client renegotiation setting read signal error");
     return;
   }
@@ -621,7 +621,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
           Debug("ssl", "ssl handshake for vc %p, expired, release the connection", this);
           read.triggered = 0;
           nh->read_ready_list.remove(this);
-          readSignalError(nh, VC_EVENT_EOS);
+          readSignalError(nh, ETIMEDOUT);
           return;
         }
       }
@@ -670,6 +670,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
   //
   // not sure if this do-while loop is really needed here, please replace
   // this comment if you know
+  int ssl_read_errno = 0;
   do {
     ret = ssl_read_from_net(this, lthread, r);
     if (ret == SSL_READ_READY || ret == SSL_READ_ERROR_NONE) {
@@ -677,6 +678,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
     }
     ink_assert(bytes >= 0);
   } while ((ret == SSL_READ_READY && bytes == 0) || ret == SSL_READ_ERROR_NONE);
+  ssl_read_errno = errno;
 
   if (bytes > 0) {
     if (ret == SSL_READ_WOULD_BLOCK || ret == SSL_READ_READY) {
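Review bot: `ssl_read_errno = errno;` is captured only after the do-while loop has finished, and errno is never cleared before `ssl_read_from_net` is called, so the value may not belong to the failing read. A TLS-level failure that sets no errno can then be reported through the `SSL_READ_ERROR` case further down as whatever an earlier call left behind, and `-ENET_SSL_FAILED` is only reached when errno happens to be zero. I would put `errno = 0;` immediately before `ret = ssl_read_from_net(this, lthread, r);` and move the capture to the line right after that call, so nothing in the loop body can overwrite it (part of that body is outside the hunk). The changed line in `sslClientHandShakeEvent`, `err = (errno) ? errno : -ENET_SSL_CONNECT_FAILED;`, reads errno under `SSL_ERROR_SSL` in the same way and has the same exposure.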
@@ -736,7 +738,7 @@ SSLNetVConnection::net_read_io(NetHandler *nh, EThread *lthread)
     break;
   case SSL_READ_ERROR:
     this->read.triggered = 0;
-    readSignalError(nh, static_cast<int>(r));
+    readSignalError(nh, (ssl_read_errno) ? ssl_read_errno : -ENET_SSL_FAILED);
     Debug("ssl", "read finished - read error");
     break;
   }
@@ -1541,7 +1543,7 @@ SSLNetVConnection::sslClientHandShakeEvent(int &err)
 
   case SSL_ERROR_SSL:
   default: {
-    err = (errno) ? errno : -ENET_CONNECT_FAILED;
+    err = (errno) ? errno : -ENET_SSL_CONNECT_FAILED;
     char buf[512];
     unsigned long e = ERR_peek_last_error();
     ERR_error_string_n(e, buf, sizeof(buf));
diff --git a/src/tscore/InkErrno.cc b/src/tscore/InkErrno.cc
index 3126bfd..6cd89a1 100644
--- a/src/tscore/InkErrno.cc
+++ b/src/tscore/InkErrno.cc
@@ -39,6 +39,10 @@ InkStrerror(int ink_errno)
     return "ENET_CONNECT_TIMEOUT";
   case ENET_CONNECT_FAILED:
     return "ENET_CONNECT_FAILED";
+  case ENET_SSL_CONNECT_FAILED:
+    return "ENET_SSL_CONNECT_FAILED";
+  case ENET_SSL_FAILED:
+    return "ENET_SSL_FAILED";
   case ESOCK_DENIED:
     return "ESOCK_DENIED";
   case ESOCK_TIMEOUT:
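Review bot: The new cases match the positive `ENET_SSL_CONNECT_FAILED` and `ENET_SSL_FAILED`, while every call site added in SSLNetVConnection.cc passes the negated value (`-ENET_SSL_FAILED`, `-ENET_SSL_CONNECT_FAILED`). Whether the sign is normalised before this switch is reached is not visible here, since the top of `InkStrerror` and its callers lie outside the hunk. If it is not, the new codes would never reach these cases. It is worth confirming, and a comment at the top of the switch such as `// expects the positive ENET_*/ESOCK_* value; callers storing -E* must negate first` would make the convention explicit.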