From e5febe418be66e78e5145859f550ab4037852b76 Mon Sep 17 00:00:00 2001
From: Perry Werneck
Date: Wed, 21 Oct 2020 15:02:50 -0300
Subject: [PATCH] Adjustments on SSL error message.

---
 src/network_modules/openssl/context.c | 6 +++---
 src/network_modules/openssl/start.c | 38 +++++++++++++++++++++++++++++---------
 2 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/src/network_modules/openssl/context.c b/src/network_modules/openssl/context.c
index 2a59928..42796b6 100644
--- a/src/network_modules/openssl/context.c
+++ b/src/network_modules/openssl/context.c
@@ -67,6 +67,8 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret)
 H3270 *hSession = (H3270 *) SSL_get_ex_data(s,ssl_ex_index);
 LIB3270_NET_CONTEXT * context = hSession->network.context;
 
+ debug("************************ %s where=%d",__FUNCTION__,where);
+
 switch(where)
 {
 case SSL_CB_CONNECT_LOOP:
@@ -125,12 +127,10 @@ static void info_callback(INFO_CONST SSL *s, int where, int ret)
 trace_ssl(hSession,"SSL Current state is \"%s\"\n",context->state.message);
 }
 
-#ifdef DEBUG
 if(where & SSL_CB_EXIT)
 {
- trace("%s: SSL_CB_EXIT ret=%d\n",__FUNCTION__,ret);
+ trace_ssl(hSession,"SSL_CB_EXIT ret=%d\n",ret);
 }
-#endif
 
 if(where & SSL_CB_ALERT)
 {
diff --git a/src/network_modules/openssl/start.c b/src/network_modules/openssl/start.c
index 5fbb07e..1b261d6 100644
--- a/src/network_modules/openssl/start.c
+++ b/src/network_modules/openssl/start.c
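Review bot: The `debug("************************ %s where=%d",...)` line added at the top of info_callback in context.c (first hunk) reads like leftover development output and is formatted inconsistently with the rest of the commit. `where` is tested as a bit mask further down (`where & SSL_CB_EXIT`), so printing it with `%d` makes the flags hard to read, and the format has no trailing `\n` while the `debug()` call added in start.c has one. If the line is meant to stay, `debug("%s where=0x%04x\n",__FUNCTION__,(unsigned int) where);` would be easier to match against the SSL_CB_* values. info_callback begins and ends outside this hunk.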
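Review bot: With the `#ifdef DEBUG` guard removed in context.c's second hunk, the `SSL_CB_EXIT` branch now writes a trace line on every handshake-function exit, successful ones included, so a failed negotiation is harder to spot in the session trace. OpenSSL's info-callback convention treats `ret == 0` as a failure and `ret < 0` as an error or a retry, so the condition could be narrowed to `if((where & SSL_CB_EXIT) && ret <= 0)`. info_callback begins and ends outside this hunk, so any later filtering of the trace is not visible here.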
@@ -221,19 +221,39 @@
 
 if (rv != 1)
 {
+ LIB3270_SSL_MESSAGE message = {
+ .type = LIB3270_NOTIFY_ERROR,
+ .title = N_( "SSL Connect failed" ),
+ .summary = N_("The client was unable to negotiate a secure connection with the host"),
+ };
+
 int code = SSL_get_error(context->con,rv);
 
- if(code == SSL_ERROR_SYSCALL && hSession->ssl.error)
- code = hSession->ssl.error;
- else
- hSession->ssl.error = code;
+ if(code == SSL_ERROR_SYSCALL) {
 
- trace_ssl(hSession,"SSL_connect failed: %s\n",ERR_reason_error_string(code));
+ // Some I/O error occurred.
+ // The OpenSSL error queue may contain more information on the error.
+ // If the error queue is empty (i.e. ERR_get_error() returns 0), ret
+ // can be used to find out more about the error:
+ // If ret == 0, an EOF was observed that violates the protocol.
+ // If ret == -1, the underlying BIO reported an I/O error
+ // (for socket I/O on Unix systems, consult errno for details).
 
- static const LIB3270_SSL_MESSAGE message = {
- .summary = N_( "SSL Connect failed" ),
- .body = N_("The client was unable to negotiate a secure connection with the host")
- };
+ if(rv == 0) {
+ message.body = N_("An EOF was observed that violates the protocol");
+ } else if(errno)
+ message.body = strerror(errno);
+ else
+ message.body = N_("Unexpected I/O error");
+
+ } else {
+
+ message.body = ERR_reason_error_string(code);
+
+ }
+
+ debug("SSL_connect failed: %s (rc=%d)\n",message.body ? message.body : message.summary, code);
+ trace_ssl(hSession,"SSL_connect failed: %s (rc=%d)\n",message.body ? message.body : message.summary, code);
 
 hSession->ssl.message = &message;
 return -1;
--
libgit2 0.21.2
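Review bot: `message` is now an automatic variable inside the `if (rv != 1)` block, yet `hSession->ssl.message = &message;` is followed directly by `return -1;`, so the session is left holding a pointer into a dead stack frame and whatever later displays the message reads stale memory. The removed version was `static const`, which kept the object alive; since the body is now filled in at run time, `static LIB3270_SSL_MESSAGE message = {` (or a copy into session-owned storage, which also avoids sharing one object between sessions) restores a valid lifetime. In the non-SYSCALL branch, `code` is an SSL_get_error() result (an SSL_ERROR_* constant), not an error-queue value, so `ERR_reason_error_string(code)` is unlikely to describe the failure and may return NULL; `message.body = ERR_reason_error_string(ERR_get_error());` matches what the added comment describes. The enclosing function begins and ends outside this hunk, so how the stored message is consumed is not visible here.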