Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
diff options
context:
space:
mode:
authorEdwin Mons <edwin.mons@isode.com>2019-01-08 16:43:31 (GMT)
committerEdwin Mons <edwin.mons@isode.com>2019-01-14 15:22:30 (GMT)
commit6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0 (patch)
tree0d02c381e515856a501b7589afd9c98e6b713ce2 /Swiften/TLS/OpenSSL/OpenSSLContext.cpp
parent24ddcdb0a82cbd33deb5b72ad9f86f1c46fc9d13 (diff)
downloadswift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.zip
swift-6f6ad903d9e248f59bddedb3ab4cae41a7d8bec0.tar.bz2
Add optional message to TLSError
TLSError now takes an optional error message. OpenSSLContext has been updated to send out one, and calls to SWIFT_LOG have been removed from it for anything but setCertificateChain. OpenSSLContext::handleDataFromApplication misinterpreted the return code of SSL_write, triggering an onError in cases where more network I/O was required. Test-Information: Unit tests pass on Debian 9 Server test code no longer emits undesirable warnings to stderr on macOS 10.14. Change-Id: If0f932693361ef9738ae50d5445bfb4d3ed9b28f
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp23
1 files changed, 12 insertions, 11 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 89917ee..968ef8f 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -1,5 +1,5 @@
1/* 1/*
2 * Copyright (c) 2010-2018 Isode Limited. 2 * Copyright (c) 2010-2019 Isode Limited.
3 * All rights reserved. 3 * All rights reserved.
4 * See the COPYING file for more information. 4 * See the COPYING file for more information.
5 */ 5 */
@@ -180,7 +180,7 @@ void OpenSSLContext::accept() {
180 handle_ = std::unique_ptr<SSL>(SSL_new(context_.get())); 180 handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
181 if (!handle_) { 181 if (!handle_) {
182 state_ = State::Error; 182 state_ = State::Error;
183 onError(std::make_shared<TLSError>()); 183 onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
184 return; 184 return;
185 } 185 }
186 186
@@ -199,13 +199,14 @@ void OpenSSLContext::connect(const std::string& requestedServerName) {
199 handle_ = std::unique_ptr<SSL>(SSL_new(context_.get())); 199 handle_ = std::unique_ptr<SSL>(SSL_new(context_.get()));
200 if (!handle_) { 200 if (!handle_) {
201 state_ = State::Error; 201 state_ = State::Error;
202 onError(std::make_shared<TLSError>()); 202 onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
203 return; 203 return;
204 } 204 }
205 205
206 if (!requestedServerName.empty()) { 206 if (!requestedServerName.empty()) {
207 if (SSL_set_tlsext_host_name(handle_.get(), const_cast<char*>(requestedServerName.c_str())) != 1) { 207 if (SSL_set_tlsext_host_name(handle_.get(), const_cast<char*>(requestedServerName.c_str())) != 1) {
208 SWIFT_LOG(error) << "Failed on SSL_set_tlsext_host_name()." << std::endl; 208 onError(std::make_shared<TLSError>(TLSError::ConnectFailed, "Failed to set Server Name Indication: " + openSSLInternalErrorToString()));\
209 return;
209 } 210 }
210 } 211 }
211 212
@@ -237,9 +238,8 @@ void OpenSSLContext::doAccept() {
237 sendPendingDataToNetwork(); 238 sendPendingDataToNetwork();
238 break; 239 break;
239 default: 240 default:
240 SWIFT_LOG(warning) << openSSLInternalErrorToString() << std::endl;
241 state_ = State::Error; 241 state_ = State::Error;
242 onError(std::make_shared<TLSError>()); 242 onError(std::make_shared<TLSError>(TLSError::AcceptFailed, openSSLInternalErrorToString()));
243 sendPendingDataToNetwork(); 243 sendPendingDataToNetwork();
244 } 244 }
245} 245}
@@ -260,9 +260,9 @@ void OpenSSLContext::doConnect() {
260 sendPendingDataToNetwork(); 260 sendPendingDataToNetwork();
261 break; 261 break;
262 default: 262 default:
263 SWIFT_LOG(warning) << openSSLInternalErrorToString() << std::endl;
264 state_ = State::Error; 263 state_ = State::Error;
265 onError(std::make_shared<TLSError>()); 264 onError(std::make_shared<TLSError>());
265 onError(std::make_shared<TLSError>(TLSError::ConnectFailed, openSSLInternalErrorToString()));
266 } 266 }
267} 267}
268 268
@@ -312,12 +312,13 @@ void OpenSSLContext::handleDataFromNetwork(const SafeByteArray& data) {
312} 312}
313 313
314void OpenSSLContext::handleDataFromApplication(const SafeByteArray& data) { 314void OpenSSLContext::handleDataFromApplication(const SafeByteArray& data) {
315 if (SSL_write(handle_.get(), vecptr(data), data.size()) >= 0) { 315 auto ret = SSL_write(handle_.get(), vecptr(data), data.size());
316 sendPendingDataToNetwork(); 316 if (ret > 0 || SSL_get_error(handle_.get(), ret) == SSL_ERROR_WANT_READ) {
317 sendPendingDataToNetwork();
317 } 318 }
318 else { 319 else {
319 state_ = State::Error; 320 state_ = State::Error;
320 onError(std::make_shared<TLSError>()); 321 onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
321 } 322 }
322} 323}
323 324
@@ -333,7 +334,7 @@ void OpenSSLContext::sendPendingDataToApplication() {
333 } 334 }
334 if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) { 335 if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) {
335 state_ = State::Error; 336 state_ = State::Error;
336 onError(std::make_shared<TLSError>()); 337 onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
337 } 338 }
338} 339}
339 340