ConnSSL_HandleError: Code cleanup, more documentation

Alexander Barton 2013-08-12 23:12:37 +02:00
parent 4828bae8d3
commit dd4c60cf39
1 changed files with 24 additions and 16 deletions


@ -488,16 +488,23 @@ ConnSSL_PrepareConnect(CONNECTION *c, UNUSED CONF_SERVER *s)
} }
/* /**
Check an Handle Error return code after failed calls to ssl/tls functions. * Check and handle error return codes after failed calls to SSL/TLS functions.
OpenSSL: *
SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read(), SSL_peek(), or SSL_write() on ssl. * OpenSSL:
GNUTLS: * SSL_connect(), SSL_accept(), SSL_do_handshake(), SSL_read(), SSL_peek(), or
gnutlsssl_read(), gnutls_write() or gnutls_handshake(). * SSL_write() on ssl.
Return: -1 on fatal error, 0 if we can try again later. *
* GNUTLS:
* gnutlsssl_read(), gnutls_write() or gnutls_handshake().
*
* @param c The connection handle.
* @prarm code The return code.
* @param fname The name of the function in which the error occurred.
* @return -1 on fatal errors, 0 if we can try again later.
*/ */
static int static int
ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname ) ConnSSL_HandleError(CONNECTION * c, const int code, const char *fname)
{ {
#ifdef HAVE_LIBSSL #ifdef HAVE_LIBSSL
int ret = SSL_ERROR_SYSCALL; int ret = SSL_ERROR_SYSCALL;
@ -518,21 +525,22 @@ ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname )
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
LogDebug("TLS/SSL connection shut down normally"); LogDebug("TLS/SSL connection shut down normally");
break; break;
/*
SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT, SSL_ERROR_WANT_X509_LOOKUP
*/
case SSL_ERROR_SYSCALL: case SSL_ERROR_SYSCALL:
/* SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT,
* and SSL_ERROR_WANT_X509_LOOKUP */
sslerr = ERR_get_error(); sslerr = ERR_get_error();
if (sslerr) { if (sslerr) {
Log( LOG_ERR, "%s: %s", fname, ERR_error_string(sslerr, NULL )); Log(LOG_ERR, "%s: %s", fname,
ERR_error_string(sslerr, NULL));
} else { } else {
switch (code) { /* EOF that violated protocol */ switch (code) { /* EOF that violated protocol */
case 0: case 0:
Log(LOG_ERR, "%s: Client Disconnected", fname ); Log(LOG_ERR, "%s: Client Disconnected", fname);
break; break;
case -1: /* low level socket I/O error, check errno */ case -1: /* low level socket I/O error, check errno */
Log(LOG_ERR, "%s: %s", fname, strerror(real_errno)); Log(LOG_ERR, "%s: %s", fname,
strerror(real_errno));
} }
} }
break; break;
@ -540,7 +548,7 @@ ConnSSL_HandleError( CONNECTION *c, const int code, const char *fname )
LogOpenSSLError("TLS/SSL Protocol Error", fname); LogOpenSSLError("TLS/SSL Protocol Error", fname);
break; break;
default: default:
Log( LOG_ERR, "%s: Unknown error %d!", fname, ret); Log(LOG_ERR, "%s: Unknown error %d!", fname, ret);
} }
ConnSSL_Free(c); ConnSSL_Free(c);
return -1; return -1;
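Review bot: The new Doxygen block above ConnSSL_HandleError misspells one tag as `@prarm code`, so that parameter will not be picked up; it should read `@param code The return code.`. In the second hunk the comment naming SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT and SSL_ERROR_WANT_X509_LOOKUP now sits inside `case SSL_ERROR_SYSCALL:`, where it reads as if that branch handled those codes. Unless the lines between the hunks (not visible here) say otherwise, they look unhandled, and a comment such as `/* not handled: SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT, SSL_ERROR_WANT_X509_LOOKUP */` placed before the case would say so. The inner `switch (code)` still has no `default:`, so a return value other than 0 or -1 with an empty error queue frees the connection without any log line, which makes such TLS failures hard to trace; `default: Log(LOG_ERR, "%s: Unexpected return code %d", fname, code);` would cover it. The function body extends beyond the visible hunks.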