Overview
Comment: | Made repeated failures to handshake return fatal errors and made handshake code use the same logic as the rest of the OpenSSL read error checking |
---|---|
SHA1: |
1b7959d27a6a7279dd1528df51829142 |
User & Date: | rkeene on 2016-12-13 15:43:19 |
Context
2016-12-13
| ||
16:00 | Updated to return soft errors during SSL negotiation retries on reads and hard errors on SSL negotiation during writes or handshake commands check-in: b9557ba691 user: rkeene tags: trunk | |
15:43 | Made repeated failures to handshake return fatal errors and made handshake code use the same logic as the rest of the OpenSSL read error checking check-in: 1b7959d27a user: rkeene tags: trunk | |
15:29 | Reverted [f79122ae17] check-in: 50d8da007b user: rkeene tags: trunk | |
Changes
Modified tlsIO.c from [cd83a9c489] to [562862938f].
︙ | ︙ | |||
806 807 808 809 810 811 812 813 | if (!(statePtr->flags & TLS_TCL_INIT)) { dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success"); *errorCodePtr = 0; return(0); } if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { /* | > < | | < < < < | | 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 | if (!(statePtr->flags & TLS_TCL_INIT)) { dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success"); *errorCodePtr = 0; return(0); } if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { dprintf("Asked to wait for a TLS handshake that has already failed. Returning fatal error"); /* * If we get here, we've already returned a soft-failure once. * Return a hard failure now. */ *errorCodePtr = ECONNABORTED; return(-1); } for (;;) { /* Not initialized yet! */ if (statePtr->flags & TLS_TCL_SERVER) { dprintf("Calling SSL_accept()"); |
︙ | ︙ | |||
893 894 895 896 897 898 899 | dprintf("The connection is up"); break; case SSL_ERROR_ZERO_RETURN: dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...") return(-1); case SSL_ERROR_SYSCALL: backingError = ERR_get_error(); | < > > > > > > > > > > > > > | | 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 | dprintf("The connection is up"); break; case SSL_ERROR_ZERO_RETURN: dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...") return(-1); case SSL_ERROR_SYSCALL: backingError = ERR_get_error(); if (backingError == 0 && err == 0) { dprintf("EOF reached") *errorCodePtr = ECONNRESET; } else if (backingError == 0 && err == -1) { dprintf("I/O error occured (errno = %lu)", (unsigned long) Tcl_GetErrno()); *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } } else { dprintf("I/O error occured (backingError = %lu)", backingError); *errorCodePtr = backingError; if (*errorCodePtr == ECONNRESET) { *errorCodePtr = ECONNABORTED; } } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; return(-1); case SSL_ERROR_SSL: dprintf("Got permanent fatal SSL error, aborting immediately"); Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error())); statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); |
︙ | ︙ |
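Review bot: In the final `else` branch of the `SSL_ERROR_SYSCALL` case, `*errorCodePtr = backingError;` stores the result of `ERR_get_error()` into a slot the other branches fill with POSIX codes such as `ECONNABORTED`. That value is an OpenSSL error-queue code, not an errno, so the caller can receive a truncated, meaningless error number and the `ECONNRESET` comparison that follows tells you nothing. I would keep the existing `dprintf` for diagnostics and report a fixed code, `*errorCodePtr = ECONNABORTED;`, in that branch. Separately, the `SSL_ERROR_ZERO_RETURN` case just above returns -1 without setting `*errorCodePtr` or `TLS_TCL_HANDSHAKE_FAILED`, so (assuming both hunks are in the same function) the new already-failed check in the first hunk would not fire on a retry after that path. The enclosing function starts and ends outside the visible hunks.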