Add optional message to TLSError

TLSError now takes an optional error message. OpenSSLContext has been updated to send out one, and calls to SWIFT_LOG have been removed from it for anything but setCertificateChain. OpenSSLContext::handleDataFromApplication misinterpreted the return code of SSL_write, triggering an onError in cases where more network I/O was required. Test-Information: Unit tests pass on Debian 9 Server test code no longer emits undesirable warnings to stderr on macOS 10.14. Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f
author: Edwin Mons <edwin.mons@isode.com> 2019-01-08 16:43:31 (GMT)
committer: Edwin Mons <edwin.mons@isode.com> 2019-01-14 15:22:30 (GMT)
commit: 6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0 (patch)
tree: 0d02c381e515856a501b7589afd9c98e6b713ce2
parent: 24ddcdb0a82cbd33deb5b72ad9f86f1c46fc9d13 (diff)
download: swift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.zip
swift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.tar.bz2
5 files changed, 30 insertions, 20 deletions
diff --git a/Swiften/Client/CoreClient.cpp b/Swiften/Client/CoreClient.cpp
index d3711cb..ccde0c2 100644
--- a/Swiften/Client/CoreClient.cpp
+++ b/Swiften/Client/CoreClient.cpp
@@ -314,10 +314,12 @@ void CoreClient::handleSessionFinished(std::shared_ptr<Error> error) {
             switch(actualError->getType()) {
                 case TLSError::CertificateCardRemoved:
                     clientError = ClientError(ClientError::CertificateCardRemoved);
                     break;
                 case TLSError::UnknownError:
+                case TLSError::AcceptFailed:
+                case TLSError::ConnectFailed:
                     clientError = ClientError(ClientError::TLSError);
                     break;
             }
         }
         else if (std::shared_ptr<SessionStream::SessionStreamError> actualError = std::dynamic_pointer_cast<SessionStream::SessionStreamError>(error)) {
diff --git a/Swiften/Network/BOSHConnection.cpp b/Swiften/Network/BOSHConnection.cpp
index 4bbb121..aaec9f2 100644
--- a/Swiften/Network/BOSHConnection.cpp
+++ b/Swiften/Network/BOSHConnection.cpp
@@ -3,11 +3,11 @@
  * Licensed under the simplified BSD license.
  * See Documentation/Licenses/BSD-simplified.txt for more information.
  */
 
 /*
- * Copyright (c) 2011-2018 Isode Limited.
+ * Copyright (c) 2011-2019 Isode Limited.
  * All rights reserved.
  * See the COPYING file for more information.
  */
 
 #include <Swiften/Network/BOSHConnection.h>
@@ -91,12 +91,12 @@ void BOSHConnection::handleTLSNetowrkDataWriteRequest(const SafeByteArray& data)
 void BOSHConnection::handleRawDataRead(std::shared_ptr<SafeByteArray> data) {
     SWIFT_LOG(debug) << std::endl;
     tlsLayer_->handleDataRead(*data.get());
 }
 
-void BOSHConnection::handleTLSError(std::shared_ptr<TLSError> /* error */) {
-
+void BOSHConnection::handleTLSError(std::shared_ptr<TLSError> error) {
+    SWIFT_LOG(debug) << (error ? error->getMessage() : "Unknown TLS error") << std::endl;
 }
 
 void BOSHConnection::writeData(const SafeByteArray& data) {
     if (tlsLayer_) {
         tlsLayer_->writeData(data);
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 89917ee..968ef8f 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2010-2018 Isode Limited.
+ * Copyright (c) 2010-2019 Isode Limited.
  * All rights reserved.
  * See the COPYING file for more information.
  */
 
 #include <Swiften/Base/Platform.h>
@@ -178,11 +178,11 @@ void OpenSSLContext::initAndSetBIOs() {
 void OpenSSLContext::accept() {
     assert(mode_ == Mode::Server);
     handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
     if (!handle_) {
         state_ = State::Error;
-        onError(std::make_shared<TLSError>());
+        onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
         return;
     }
 
     initAndSetBIOs();
 
@@ -197,17 +197,18 @@ void OpenSSLContext::connect() {
 void OpenSSLContext::connect(const std::string& requestedServerName) {
     assert(mode_ == Mode::Client);
     handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
     if (!handle_) {
         state_ = State::Error;
-        onError(std::make_shared<TLSError>());
+        onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
         return;
     }
 
     if (!requestedServerName.empty()) {
         if (SSL_set_tlsext_host_name(handle_.get(), const_cast<char*>(requestedServerName.c_str())) != 1) {
-            SWIFT_LOG(error) << "Failed on SSL_set_tlsext_host_name()." << std::endl;
+            onError(std::make_shared<TLSError>(TLSError::ConnectFailed, "Failed to set Server Name Indication: " + openSSLInternalErrorToString()));\
+            return;
         }
     }
 
     // Ownership of BIOs is transferred to the SSL_CTX instance in handle_.
     initAndSetBIOs();
@@ -235,13 +236,12 @@ void OpenSSLContext::doAccept() {
             break;
         case SSL_ERROR_WANT_WRITE:
             sendPendingDataToNetwork();
             break;
         default:
-            SWIFT_LOG(warning) << openSSLInternalErrorToString() << std::endl;
             state_ = State::Error;
-            onError(std::make_shared<TLSError>());
+            onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
             sendPendingDataToNetwork();
     }
 }
 
 void OpenSSLContext::doConnect() {
@@ -258,13 +258,13 @@ void OpenSSLContext::doConnect() {
         }
         case SSL_ERROR_WANT_READ:
             sendPendingDataToNetwork();
             break;
         default:
-            SWIFT_LOG(warning) << openSSLInternalErrorToString() << std::endl;
             state_ = State::Error;
             onError(std::make_shared<TLSError>());
+            onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
     }
 }
 
 int OpenSSLContext::handleServerNameCallback(SSL* ssl, int*, void* arg) {
     if (ssl == nullptr)
@@ -310,16 +310,17 @@ void OpenSSLContext::handleDataFromNetwork(const SafeByteArray& data) {
         case State::Error: /*assert(false);*/ break;
     }
 }
 
 void OpenSSLContext::handleDataFromApplication(const SafeByteArray& data) {
-    if (SSL_write(handle_.get(), vecptr(data), data.size()) >= 0) {
-        sendPendingDataToNetwork();
+    auto ret = SSL_write(handle_.get(), vecptr(data), data.size());
+    if (ret > 0 || SSL_get_error(handle_.get(), ret) == SSL_ERROR_WANT_READ) {
+            sendPendingDataToNetwork();
     }
     else {
         state_ = State::Error;
-        onError(std::make_shared<TLSError>());
+        onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
     }
 }
 
 void OpenSSLContext::sendPendingDataToApplication() {
     SafeByteArray data;
@@ -331,11 +332,11 @@ void OpenSSLContext::sendPendingDataToApplication() {
         data.resize(SSL_READ_BUFFERSIZE);
         ret = SSL_read(handle_.get(), vecptr(data), data.size());
     }
     if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) {
         state_ = State::Error;
-        onError(std::make_shared<TLSError>());
+        onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
     }
 }
 
 bool OpenSSLContext::setCertificateChain(const std::vector<Certificate::ref>& certificateChain) {
     if (certificateChain.size() == 0) {
diff --git a/Swiften/TLS/TLSContext.h b/Swiften/TLS/TLSContext.h
index 55a86cd..9b0a2eb 100644
--- a/Swiften/TLS/TLSContext.h
+++ b/Swiften/TLS/TLSContext.h
@@ -48,11 +48,10 @@ namespace Swift {
             virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const = 0;
 
             virtual ByteArray getFinishMessage() const = 0;
             virtual ByteArray getPeerFinishMessage() const;
 
-
         public:
             enum class Mode {
                 Client,
                 Server
             };
diff --git a/Swiften/TLS/TLSError.h b/Swiften/TLS/TLSError.h
index ae775e6..9e4af2f 100644
--- a/Swiften/TLS/TLSError.h
+++ b/Swiften/TLS/TLSError.h
@@ -1,14 +1,15 @@
 /*
- * Copyright (c) 2012-2016 Isode Limited.
+ * Copyright (c) 2012-2019 Isode Limited.
  * All rights reserved.
  * See the COPYING file for more information.
  */
 
 #pragma once
 
 #include <memory>
+#include <string>
 
 #include <Swiften/Base/API.h>
 #include <Swiften/Base/Error.h>
 
 namespace Swift {
@@ -16,18 +17,25 @@ namespace Swift {
         public:
             typedef std::shared_ptr<TLSError> ref;
 
             enum Type {
                 UnknownError,
-                CertificateCardRemoved
+                CertificateCardRemoved,
+                AcceptFailed,
+                ConnectFailed
             };
 
-            TLSError(Type type = UnknownError) : type(type) {}
+            TLSError(Type type = UnknownError, std::string message = "") : type_(type), message_(std::move(message)) {}
 
             Type getType() const {
-                return type;
+                return type_;
+            }
+
+            const std::string& getMessage() const {
+                return message_;
             }
 
         private:
-            Type type;
+            Type type_;
+            std::string message_;
     };
 }
author	Edwin Mons <edwin.mons@isode.com>	2019-01-08 16:43:31 (GMT)
committer	Edwin Mons <edwin.mons@isode.com>	2019-01-14 15:22:30 (GMT)
commit	6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0 (patch)
tree	0d02c381e515856a501b7589afd9c98e6b713ce2
parent	24ddcdb0a82cbd33deb5b72ad9f86f1c46fc9d13 (diff)
download	swift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.zip swift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.tar.bz2