Commit e5febe418be66e78e5145859f550ab4037852b76
1 parent
77471b00
Exists in
master
and in
2 other branches
Adjustments on SSL error message.
Showing
2 changed files
with
32 additions
and
12 deletions
Show diff stats
src/network_modules/openssl/context.c
| ... | ... | @@ -67,6 +67,8 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret) |
| 67 | 67 | H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index); |
| 68 | 68 | LIB3270_NET_CONTEXT * context = hSession->network.context; |
| 69 | 69 | |
| 70 | + debug("************************ %s where=%d",__FUNCTION__,where); | |
| 71 | + | |
| 70 | 72 | switch(where) |
| 71 | 73 | { |
| 72 | 74 | case SSL_CB_CONNECT_LOOP: |
| ... | ... | @@ -125,12 +127,10 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret) |
| 125 | 127 | trace_ssl(hSession,"SSL Current state is \"%s\"\n",context->state.message); |
| 126 | 128 | } |
| 127 | 129 | |
| 128 | -#ifdef DEBUG | |
| 129 | 130 | if(where & SSL_CB_EXIT) |
| 130 | 131 | { |
| 131 | - trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret); | |
| 132 | + trace_ssl(hSession,"SSL_CB_EXIT ret=%d\n",ret); | |
| 132 | 133 | } |
| 133 | -#endif | |
| 134 | 134 | |
| 135 | 135 | if(where & SSL_CB_ALERT) |
| 136 | 136 | { | ... | ... |
src/network_modules/openssl/start.c
| ... | ... | @@ -221,19 +221,39 @@ |
| 221 | 221 | |
| 222 | 222 | if (rv != 1) |
| 223 | 223 | { |
| 224 | + LIB3270_SSL_MESSAGE message = { | |
| 225 | + .type = LIB3270_NOTIFY_ERROR, | |
| 226 | + .title = N_( "SSL Connect failed" ), | |
| 227 | + .summary = N_("The client was unable to negotiate a secure connection with the host"), | |
| 228 | + }; | |
| 229 | + | |
| 224 | 230 | int code = SSL_get_error(context->con,rv); |
| 225 | 231 | |
| 226 | - if(code == SSL_ERROR_SYSCALL && hSession->ssl.error) | |
| 227 | - code = hSession->ssl.error; | |
| 228 | - else | |
| 229 | - hSession->ssl.error = code; | |
| 232 | + if(code == SSL_ERROR_SYSCALL) { | |
| 230 | 233 | |
| 231 | - trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code)); | |
| 234 | + // Some I/O error occurred. | |
| 235 | + // The OpenSSL error queue may contain more information on the error. | |
| 236 | + // If the error queue is empty (i.e. ERR_get_error() returns 0), ret | |
| 237 | + // can be used to find out more about the error: | |
| 238 | + // If ret == 0, an EOF was observed that violates the protocol. | |
| 239 | + // If ret == -1, the underlying BIO reported an I/O error | |
| 240 | + // (for socket I/O on Unix systems, consult errno for details). | |
| 232 | 241 | |
| 233 | - static const LIB3270_SSL_MESSAGE message = { | |
| 234 | - .summary = N_( "SSL Connect failed" ), | |
| 235 | - .body = N_("The client was unable to negotiate a secure connection with the host") | |
| 236 | - }; | |
| 242 | + if(rv == 0) { | |
| 243 | + message.body = N_("An EOF was observed that violates the protocol"); | |
| 244 | + } else if(errno) | |
| 245 | + message.body = strerror(errno); | |
| 246 | + else | |
| 247 | + message.body = N_("Unexpected I/O error"); | |
| 248 | + | |
| 249 | + } else { | |
| 250 | + | |
| 251 | + message.body = ERR_reason_error_string(code); | |
| 252 | + | |
| 253 | + } | |
| 254 | + | |
| 255 | + debug("SSL_connect failed: %s (rc=%d)\n",message.body ? message.body : message.summary, code); | |
| 256 | + trace_ssl(hSession,"SSL_connect failed: %s (rc=%d)\n",message.body ? message.body : message.summary, code); | |
| 237 | 257 | |
| 238 | 258 | hSession->ssl.message = &message; |
| 239 | 259 | return -1; | ... | ... |