Posted to commits@qpid.apache.org by gs...@apache.org on 2010/04/28 17:27:36 UTC
svn commit: r938992 - in /qpid/trunk/qpid/cpp/src/qpid/sys/ssl: SslIo.cpp
SslSocket.cpp check.cpp check.h
Author: gsim
Date: Wed Apr 28 15:27:36 2010
New Revision: 938992
URL: http://svn.apache.org/viewvc?rev=938992&view=rev
Log:
QPID-2083: Some improvements to error handling for NSS based SSL implementation.
Modified:
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslIo.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.cpp
qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.h
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslIo.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslIo.cpp?rev=938992&r1=938991&r2=938992&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslIo.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslIo.cpp Wed Apr 28 15:27:36 2010
@@ -21,6 +21,7 @@
#include "qpid/sys/ssl/SslIo.h"
#include "qpid/sys/ssl/SslSocket.h"
+#include "qpid/sys/ssl/check.h"
#include "qpid/sys/Time.h"
#include "qpid/sys/posix/check.h"
@@ -312,7 +313,7 @@ void SslIO::readable(DispatchHandle& h)
break;
} else {
// Report error then just treat as a socket disconnect
- QPID_LOG(error, "Error reading socket: " << qpid::sys::strError(rc) << "(" << rc << ")" );
+ QPID_LOG(error, "Error reading socket: " << getErrorString(PR_GetError()));
eofCallback(*this);
h.unwatchRead();
break;
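Review bot: The new message `"Error reading socket: " << getErrorString(PR_GetError())` names the failure but not the connection, so a TLS error such as a certificate alert cannot be tied to a peer from the log alone. If the socket exposes its peer address, add it to the message; the same applies to the "Error writing to socket" line in the writeable() hunk. Consider also reading `PR_GetError()` into a local immediately after the failed read, since the hunk does not show whether other NSPR calls run on this thread before the log statement. readable() starts and ends outside the hunk.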
@@ -383,7 +384,9 @@ void SslIO::writeable(DispatchHandle& h)
// we can carry on watching for writes
break;
} else {
- QPID_POSIX_CHECK(rc);
+ QPID_LOG(error, "Error writing to socket: " << getErrorString(PR_GetError()));
+ h.unwatchWrite();
+ break;
}
}
} else {
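Review bot: The write-failure branch only calls `h.unwatchWrite()` and breaks, whereas the read-failure branch in readable() also calls `eofCallback(*this)` to treat the error as a disconnect. Replacing `QPID_POSIX_CHECK(rc)` removes the only signal the caller received, so unless the read side later notices the failure, the connection may stay open with queued data never sent and the upper layer never told. Consider notifying the owner here too, for example through the same disconnect callback used on the read path, or add a comment explaining why logging alone is sufficient. writeable() starts and ends outside the hunk.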
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp?rev=938992&r1=938991&r2=938992&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/SslSocket.cpp Wed Apr 28 15:27:36 2010
@@ -179,6 +179,7 @@ void SslSocket::connect(const std::strin
throw Exception(QPID_MSG("Could not resolve address for host."));
}
PR_CHECK(PR_Connect(socket, &address, PR_INTERVAL_NO_TIMEOUT));
+ NSS_CHECK(SSL_ForceHandshake(socket));
}
void SslSocket::close() const
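Review bot: `SSL_ForceHandshake(socket)` blocks until the handshake finishes, and together with `PR_INTERVAL_NO_TIMEOUT` on the line above, a peer that accepts the TCP connection but never completes the handshake can stall connect() indefinitely. NSS offers `SSL_ForceHandshakeWithTimeout(socket, timeout)`; using it with a configurable interval would bound the wait. If NSS_CHECK throws on failure (its definition is not in this hunk), also confirm the caller closes the socket so that a rejected certificate does not leak the descriptor. A short comment such as `// complete the TLS handshake now so certificate errors surface from connect()` would explain why the call is here.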
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.cpp
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.cpp?rev=938992&r1=938991&r2=938992&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.cpp (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.cpp Wed Apr 28 15:27:36 2010
@@ -35,7 +35,11 @@ const std::string SSL_ERROR_BAD_CERT_DOM
const std::string SSL_ERROR_BAD_CERT_ALERT_STR = "SSL peer cannot verify your certificate.";
const std::string SEC_ERROR_BAD_DATABASE_STR = "Security library: bad database.";
const std::string SSL_ERROR_NO_CERTIFICATE_STR = "Unable to find the certificate or key necessary for authentication.";
-const std::string SSL_ERROR_UNKNOWN = "Unknown NSS error code.";
+const std::string PR_DIRECTORY_LOOKUP_ERROR_STR = "A directory lookup on a network address has failed";
+const std::string PR_CONNECT_RESET_ERROR_STR = "TCP connection reset by peer";
+const std::string PR_END_OF_FILE_ERROR_STR = "Encountered end of file";
+const std::string SSL_ERROR_UNKNOWN = "NSS error";
+const std::string NSPR_ERROR_UNKNOWN = "NSPR error";
ErrorString::ErrorString() : code(PR_GetError()), buffer(new char[PR_GetErrorTextLength()]), used(PR_GetErrorText(buffer)) {}
@@ -51,13 +55,24 @@ std::string ErrorString::getString() con
//seems most of the NSPR/NSS errors don't have text set for
//them, add a few specific ones in here. (TODO: more complete
//list?):
- switch (code) {
- case SSL_ERROR_BAD_CERT_DOMAIN: msg = SSL_ERROR_BAD_CERT_DOMAIN_STR; break;
- case SSL_ERROR_BAD_CERT_ALERT: msg = SSL_ERROR_BAD_CERT_ALERT_STR; break;
- case SEC_ERROR_BAD_DATABASE: msg = SEC_ERROR_BAD_DATABASE_STR; break;
- case SSL_ERROR_NO_CERTIFICATE: msg = SSL_ERROR_NO_CERTIFICATE_STR; break;
- default: msg = SSL_ERROR_UNKNOWN; break;
- }
+ return getErrorString(code);
+ } else {
+ return str(format("%1% [%2%]") % msg % code);
+ }
+}
+
+std::string getErrorString(int code)
+{
+ std::string msg;
+ switch (code) {
+ case SSL_ERROR_BAD_CERT_DOMAIN: msg = SSL_ERROR_BAD_CERT_DOMAIN_STR; break;
+ case SSL_ERROR_BAD_CERT_ALERT: msg = SSL_ERROR_BAD_CERT_ALERT_STR; break;
+ case SEC_ERROR_BAD_DATABASE: msg = SEC_ERROR_BAD_DATABASE_STR; break;
+ case SSL_ERROR_NO_CERTIFICATE: msg = SSL_ERROR_NO_CERTIFICATE_STR; break;
+ case PR_DIRECTORY_LOOKUP_ERROR: msg = PR_DIRECTORY_LOOKUP_ERROR_STR; break;
+ case PR_CONNECT_RESET_ERROR: msg = PR_CONNECT_RESET_ERROR_STR; break;
+ case PR_END_OF_FILE_ERROR: msg = PR_END_OF_FILE_ERROR_STR; break;
+ default: msg = (code < -6000) ? SSL_ERROR_UNKNOWN : NSPR_ERROR_UNKNOWN; break;
}
return str(format("%1% [%2%]") % msg % code);
}
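Review bot: The default case `(code < -6000) ? SSL_ERROR_UNKNOWN : NSPR_ERROR_UNKNOWN` relies on an unexplained literal. NSPR defines `PR_NSPR_ERROR_BASE` for the start of its range; using it, with a comment that NSS codes lie below it, would make the split self-explanatory. As written, every code at or above -6000, including 0 and positive values, is labelled "NSPR error", which may mislead when the code did not come from NSPR. Certificate failures other than the four listed still log only as "NSS error [code]"; the TODO above could note that validation errors (expired certificate, untrusted issuer) are the ones operators most need spelled out. ErrorString::getString() begins outside the hunk.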
Modified: qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.h
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.h?rev=938992&r1=938991&r2=938992&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.h (original)
+++ qpid/trunk/qpid/cpp/src/qpid/sys/ssl/check.h Wed Apr 28 15:27:36 2010
@@ -32,6 +32,8 @@ namespace qpid {
namespace sys {
namespace ssl {
+std::string getErrorString(int code);
+
class ErrorString
{
public:
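Review bot: The new declaration `std::string getErrorString(int code);` has no comment describing its contract. Something like `/** Describes an NSPR/NSS error code as "<text> [<code>]"; unknown codes get a generic label. */` would tell callers that the numeric code is always included in the result. The hunk does not show whether check.h includes `<string>`; confirm it does rather than relying on a transitive include. The ErrorString class continues outside the hunk.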