Posted to commits@mesos.apache.org by bm...@apache.org on 2020/04/17 21:19:46 UTC

[mesos] 02/02: Added logging of peer address in OpenSSLSocket accept failures.

This is an automated email from the ASF dual-hosted git repository.

bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 9240c4d3190f7836cb563971e943a4c7899f33f1
Author: Benjamin Mahler <bm...@apache.org>
AuthorDate: Thu Apr 9 19:42:32 2020 -0400

    Added logging of peer address in OpenSSLSocket accept failures.
    
    The caller of OpenSSLSocket::accept() cannot see who tried to
    connect when accept fails, since the accepted socket is not returned.
    This adds logging of the peer address when the SSL handshake fails,
    in order to improve debugging.
    
    Review: https://reviews.apache.org/r/72349
---
 3rdparty/libprocess/src/ssl/openssl_socket.cpp | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/3rdparty/libprocess/src/ssl/openssl_socket.cpp b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
index a2ec0a3..3f4dab6 100644
--- a/3rdparty/libprocess/src/ssl/openssl_socket.cpp
+++ b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
@@ -734,7 +734,7 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
   if (!peer_address.isSome()) {
     SSL_free(accept_ssl);
     accept_queue.put(
-        Failure("Could not determine peer IP for connection"));
+        Failure("Failed to determine peer IP: " + peer_address.error()));
     return Continue();
   }
 
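Review bot: The new message calls `peer_address.error()` under a guard written as `!peer_address.isSome()`, which is only valid when "not some" always means "error". That holds if `peer_address` is a `Try`, but its declaration is outside this hunk. Writing the guard as `if (peer_address.isError()) {` would match the `address.isError()` check later in the same callback and make the `.error()` call visibly valid.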
@@ -747,7 +747,8 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
   if (configured.isError()) {
     SSL_free(accept_ssl);
     accept_queue.put(
-        Failure("Could not configure socket: " + configured.error()));
+        Failure("Failed to openssl::configure_socket for " +
+                stringify(*peer_address) + ": " + configured.error()));
     return Continue();
   }
 
@@ -773,16 +774,22 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
         return;
       }
 
+      // For verification purposes, we need to grab the address (again).
+      // We grab it up here (rather than down below) so that we can log
+      // it if the `result` is failed.
+      Try<Address> address = network::address(ssl_socket->get());
+
       if (result.isFailed()) {
-        self->accept_queue.put(Failure(result.failure()));
+        self->accept_queue.put(
+            Failure("Failed to SSL handshake" +
+                    (address.isSome() ? " with " + stringify(*address) : "") +
+                    ": " + result.failure()));
         return;
       }
 
-      // For verification purposes, we need to grab the address (again).
-      Try<Address> address = network::address(ssl_socket->get());
       if (address.isError()) {
         self->accept_queue.put(
-            Failure("Failed to get address: " + address.error()));
+            Failure("Failed to determine peer IP: " + address.error()));
         return;
       }
 
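Review bot: The handshake failure now reads "with <address>" and the later error says "Failed to determine peer IP", but both values come from `network::address(ssl_socket->get())`, whose name does not say which end of the connection it reports. If that helper returns the socket's local bound address (getsockname-style) rather than the remote one, every failed handshake would be attributed to the listener itself, which would mislead anyone triaging failed TLS connections. Please confirm this, and if so use the peer lookup or reuse the `peer_address` obtained earlier in handle_accept_callback, assuming it can be captured by this continuation, which starts outside the hunk. A comment above the call such as `// Must be the remote endpoint: used for logging and for certificate verification.` would pin the intent.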
@@ -798,8 +805,8 @@ Future<ControlFlow<Nothing>> OpenSSLSocketImpl::handle_accept_callback(
             : Option<net::IP>::none());
 
       if (verify.isError()) {
-        VLOG(1) << "Failed accept, verification error: "
-                << verify.error();
+        VLOG(1) << "Failed accept for " << *address
+                << ", verification error: " << verify.error();
 
         self->accept_queue.put(Failure(verify.error()));
         return;
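Review bot: The peer address is added only to the `VLOG(1)` line, while the `Failure(verify.error())` put on `accept_queue` two lines later still carries no address. A caller that logs the failed accept at default verbosity therefore cannot tell which peer failed certificate verification. For consistency with the other failure paths in this commit, consider `Failure("Failed accept for " + stringify(*address) + ": " + verify.error())`. Dereferencing `*address` is fine here because the `address.isError()` case returns earlier in the callback. The enclosing continuation runs past the end of this hunk.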