Posted to commits@trafficserver.apache.org by zw...@apache.org on 2018/04/26 21:22:27 UTC
[trafficserver] branch 7.1.x updated: log actual SSL error string
on failure opening connection
This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/7.1.x by this push:
new 6fd00fa log actual SSL error string on failure opening connection
6fd00fa is described below
commit 6fd00fabd3d9d04e4e60a0b3c3b7844a665be375
Author: Randall Meyer <ra...@yahoo.com>
AuthorDate: Tue Apr 24 13:32:40 2018 -0700
log actual SSL error string on failure opening connection
error buf needs to be populated before the SSL error state is cleared
(cherry picked from commit 9b7887cc408f1802d41cfcc328053f3e1fc53e67)
---
iocore/net/SSLNetVConnection.cc | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 0919527..a28831c 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -1344,15 +1344,24 @@ SSLNetVConnection::sslClientHandShakeEvent(int &err)
case SSL_ERROR_SSL:
default: {
err = (errno) ? errno : -ENET_CONNECT_FAILED;
+ char buf[512];
+ unsigned long e = ERR_peek_last_error();
+ ERR_error_string_n(e, buf, sizeof(buf));
// FIXME -- This triggers a retry on cases of cert validation errors....
Debug("ssl", "SSLNetVConnection::sslClientHandShakeEvent, SSL_ERROR_SSL");
SSL_CLR_ERR_INCR_DYN_STAT(this, ssl_error_ssl, "SSLNetVConnection::sslClientHandShakeEvent, SSL_ERROR_SSL errno=%d", errno);
Debug("ssl.error", "SSLNetVConnection::sslClientHandShakeEvent, SSL_ERROR_SSL");
- char buf[512];
- unsigned long e = ERR_peek_last_error();
- ERR_error_string_n(e, buf, sizeof(buf));
TraceIn(trace, get_remote_addr(), get_remote_port(),
"SSL client handshake ERROR_SSL: sslErr=%d, ERR_get_error=%ld (%s) errno=%d", ssl_error, e, buf, errno);
+ if (e) {
+ if (this->options.sni_servername) {
+ Error("SSL connection failed for '%s': %s", this->options.sni_servername.get(), buf);
+ } else {
+ char buff[INET6_ADDRSTRLEN];
+ ats_ip_ntop(this->get_remote_addr(), buff, INET6_ADDRSTRLEN);
+ Error("SSL connection failed for '%s': %s", buff, buf);
+ }
+ }
return EVENT_ERROR;
} break;
}
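Review bot: The three lines that fill `buf` must now stay above `SSL_CLR_ERR_INCR_DYN_STAT`, but only the commit message records that the SSL error state is cleared afterwards (presumably by that macro). A comment such as `// capture the error string before SSL_CLR_ERR_INCR_DYN_STAT clears the OpenSSL error queue` would stop a later tidy-up from moving the declaration back down. Because this arm also serves `default:`, `ERR_peek_last_error()` could return an entry left on the thread's queue by an earlier operation when this handshake pushed none, so the new `Error()` line might attribute an unrelated failure to this server name; whether the queue is cleared before the handshake call is not visible in the hunk. The new `Error()` also fires on every failed handshake, and the FIXME above says validation failures trigger a retry, so a failing origin can produce repeated error-log lines. The switch and the function body continue outside the hunk.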