Overview
Comment: | More work on improving I/O routines |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | wip-fix-io-layer |
Files: | files | file ages | folders |
SHA1: |
7df7a8696e009447be8352858f37081f |
User & Date: | rkeene on 2016-12-12 01:14:06 |
Other Links: | branch diff | manifest | tags |
Context
2016-12-12
| ||
01:15 | Updated wording in debugging message to be more accurate check-in: 6462992c95 user: rkeene tags: wip-fix-io-layer | |
01:14 | More work on improving I/O routines check-in: 7df7a8696e user: rkeene tags: wip-fix-io-layer | |
01:13 | Updated debugging printf() calls to write to a temporary buffer so that multiple calls are not mixed up when writing check-in: 4c6adaabfc user: rkeene tags: wip-fix-io-layer | |
Changes
Modified tls.c from [04ea01d342] to [2904872c77].
874 875 876 877 878 879 880 881 882 883 884 885 886 887 |
/* * We need to make sure that the channel works in binary (for the * encryption not to get goofed up). * We only want to adjust the buffering in pre-v2 channels, where * each channel in the stack maintained its own buffers. */ Tcl_SetChannelOption(interp, chan, "-translation", "binary"); dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan)); statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr, (TCL_READABLE | TCL_WRITABLE), chan); dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self)); if (statePtr->self == (Tcl_Channel) NULL) { /* * No use of Tcl_EventuallyFree because no possible Tcl_Preserve. */ |
> |
874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 |
/*
* We need to make sure that the channel works in binary (for the
* encryption not to get goofed up).
* We only want to adjust the buffering in pre-v2 channels, where
* each channel in the stack maintained its own buffers.
*/
Tcl_SetChannelOption(interp, chan, "-translation", "binary");
Tcl_SetChannelOption(interp, chan, "-blocking", "true");
dprintf("Consuming Tcl channel %s", Tcl_GetChannelName(chan));
statePtr->self = Tcl_StackChannel(interp, Tls_ChannelType(), (ClientData) statePtr, (TCL_READABLE | TCL_WRITABLE), chan);
dprintf("Created channel named %s", Tcl_GetChannelName(statePtr->self));
if (statePtr->self == (Tcl_Channel) NULL) {
/*
* No use of Tcl_EventuallyFree because no possible Tcl_Preserve.
*/
|
Modified tlsIO.c from [b04673cb79] to [38a7baa9a1].
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 ... 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 ... 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 ... 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 ... 747 748 749 750 751 752 753 754 755 756 757 758 759 760 ... 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 ... 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 ... 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 |
* * Side effects: * Reads input from the input device of the channel. * *------------------------------------------------------------------- */ static int TlsInputProc(ClientData instanceData, /* Socket state. */ char *buf, /* Where to store data read. */ int bufSize, /* How much space is available * in the buffer? */ int *errorCodePtr) /* Where to store error code. */ { State *statePtr = (State *) instanceData; int bytesRead; /* How many bytes were read? */ *errorCodePtr = 0; dprintf("BIO_read(%d)", bufSize); if (statePtr->flags & TLS_TCL_CALLBACK) { /* don't process any bytes while verify callback is running */ dprintf("Callback is running, reading 0 bytes"); bytesRead = 0; goto input; } if (!SSL_is_init_finished(statePtr->ssl)) { dprintf("Calling Tls_WaitForConnect"); bytesRead = Tls_WaitForConnect(statePtr, errorCodePtr); if (bytesRead <= 0) { dprintf("Got an error (bytesRead = %i)", bytesRead); if (*errorCodePtr == ECONNRESET) { dprintf("Got connection reset"); /* Soft EOF */ *errorCodePtr = 0; bytesRead = 0; } goto input; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_read * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_read specially (as advised in the RSA docs). TLS's lower level BIO * functions play with the retry flags though, and this seems to work * correctly. Similar fix in TlsOutputProc. - hobbs */ ERR_clear_error(); bytesRead = BIO_read(statePtr->bio, buf, bufSize); dprintf("BIO_read -> %d", bytesRead); if (bytesRead <= 0) { int err = SSL_get_error(statePtr->ssl, bytesRead); if (err == SSL_ERROR_SSL) { Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, bytesRead)); *errorCodePtr = ECONNABORTED; } else if (BIO_should_retry(statePtr->bio)) { dprintf("retry based on EAGAIN"); *errorCodePtr = EAGAIN; } else { *errorCodePtr = Tcl_GetErrno(); if (*errorCodePtr == ECONNRESET || bytesRead < 0) { /* Soft EOF */ *errorCodePtr = 0; bytesRead = 0; } else { dprintf("Got an unexpected error: %i", *errorCodePtr); } } } else { dprintBuffer(buf, bytesRead); } input: dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr); return bytesRead; } /* *------------------------------------------------------------------- * * TlsOutputProc -- * ................................................................................ * * Side effects: * Writes output on the output device of the channel. * *------------------------------------------------------------------- */ static int TlsOutputProc(ClientData instanceData, /* Socket state. */ CONST char *buf, /* The data buffer. */ int toWrite, /* How many bytes to write? */ int *errorCodePtr) /* Where to store error code. */ { State *statePtr = (State *) instanceData; int written, err; *errorCodePtr = 0; dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite); dprintBuffer(buf, toWrite); if (statePtr->flags & TLS_TCL_CALLBACK) { /* don't process any bytes while verify callback is running */ written = -1; *errorCodePtr = EAGAIN; goto output; } if (!SSL_is_init_finished(statePtr->ssl)) { dprintf("Calling Tls_WaitForConnect"); written = Tls_WaitForConnect(statePtr, errorCodePtr); if (written <= 0) { dprintf("Tls_WaitForConnect returned %i (err = %i)", written, *errorCodePtr); goto output; } } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } if (toWrite == 0) { dprintf("zero-write"); BIO_flush(statePtr->bio); written = 0; goto output; } else { /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_write * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_write specially (as advised in the RSA docs). TLS's lower level * BIO functions play with the retry flags though, and this seems to * work correctly. Similar fix in TlsInputProc. - hobbs */ ERR_clear_error(); written = BIO_write(statePtr->bio, buf, toWrite); dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written); } if (written <= 0) { switch ((err = SSL_get_error(statePtr->ssl, written))) { case SSL_ERROR_NONE: if (written < 0) { written = 0; } break; case SSL_ERROR_WANT_WRITE: dprintf(" write W BLOCK"); break; case SSL_ERROR_WANT_READ: dprintf(" write R BLOCK"); break; case SSL_ERROR_WANT_X509_LOOKUP: dprintf(" write X BLOCK"); break; case SSL_ERROR_ZERO_RETURN: dprintf(" closed"); written = 0; break; case SSL_ERROR_SYSCALL: *errorCodePtr = Tcl_GetErrno(); dprintf(" [%d] syscall errr: %d", written, *errorCodePtr); written = -1; break; case SSL_ERROR_SSL: Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, written)); *errorCodePtr = ECONNABORTED; written = -1; break; default: dprintf(" unknown err: %d", err); break; } } output: dprintf("Output(%d) -> %d", toWrite, written); return written; } /* *------------------------------------------------------------------- * * TlsGetOptionProc -- * ................................................................................ * Side effects: * May process the incoming event by itself. * *------------------------------------------------------------------- */ static int TlsNotifyProc(ClientData instanceData, int mask) { State *statePtr = (State *) instanceData; /* * An event occured in the underlying channel. This * transformation doesn't process such events thus returns the * incoming mask unchanged. */ if (statePtr->timer != (Tcl_TimerToken) NULL) { /* * Delete an existing timer. It was not fired, yet we are * here, so the channel below generated such an event and we * don't have to. The renewal of the interest after the * execution of channel handlers will eventually cause us to * recreate the timer (in WatchProc). */ Tcl_DeleteTimerHandler(statePtr->timer); statePtr->timer = (Tcl_TimerToken) NULL; } if (statePtr->flags & TLS_TCL_CALLBACK) { dprintf("Returning 0 due to callback"); return 0; } if ((statePtr->flags & TLS_TCL_INIT) && !SSL_is_init_finished(statePtr->ssl)) { int errorCode = 0; dprintf("Calling Tls_WaitForConnect"); if (Tls_WaitForConnect(statePtr, &errorCode) <= 0) { if (errorCode == EAGAIN) { dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN: Returning 0"); return 0; } dprintf("Tls_WaitForConnect returned an error"); } } dprintf("Returning %i", mask); return mask; } #if 0 /* *------------------------------------------------------* * * TlsChannelHandler -- ................................................................................ * * Result: * None. * *------------------------------------------------------* */ static void TlsChannelHandlerTimer (clientData) ClientData clientData; /* Transformation to query */ { State *statePtr = (State *) clientData; int mask = 0; statePtr->timer = (Tcl_TimerToken) NULL; if (BIO_wpending(statePtr->bio)) { mask |= TCL_WRITABLE; } if (BIO_pending(statePtr->bio)) { mask |= TCL_READABLE; } Tcl_NotifyChannel(statePtr->self, mask); } /* *------------------------------------------------------* * * Tls_WaitForConnect -- * ................................................................................ int Tls_WaitForConnect(State *statePtr, int *errorCodePtr) { unsigned long backingError; int err, rc; int bioShouldRetry; dprintf("WaitForConnect(%p)", (void *) statePtr); dprintFlags(statePtr); if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { /* * We choose ECONNRESET over ECONNABORTED here because some server * side code, on the wiki for example, sets up a read handler that * does a read and if eof closes the channel. There is no catch/try * around the reads so exceptions will result in potentially many ................................................................................ rc = SSL_get_error(statePtr->ssl, err); dprintf("Got error: %i (rc = %i)", err, rc); bioShouldRetry = 0; if (err <= 0) { if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT) { bioShouldRetry = 1; } else if (BIO_should_retry(statePtr->bio)) { bioShouldRetry = 1; } } if (bioShouldRetry) { dprintf("The I/O did not complete -- but we should try it again"); if (statePtr->flags & TLS_TCL_ASYNC) { dprintf("Returning EAGAIN so that it can be retried later"); ................................................................................ switch (rc) { case SSL_ERROR_NONE: /* The connection is up, we are done here */ dprintf("The connection is up"); break; case SSL_ERROR_ZERO_RETURN: dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...") return(-1); case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: dprintf("SSL_ERROR_WANT read/write -- not sure what to do here"); return(-1); case SSL_ERROR_SYSCALL: backingError = ERR_get_error(); dprintf("I/O error occured"); if (backingError == 0 && err == 0) { dprintf("EOF reached") } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNRESET; return(-1); case SSL_ERROR_SSL: dprintf("Got permenant fatal SSL error, aborting immediately"); Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error())); statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); case SSL_ERROR_WANT_CONNECT: case SSL_ERROR_WANT_ACCEPT: case SSL_ERROR_WANT_X509_LOOKUP: default: dprintf("We got a confusing reply: %i", rc); *errorCodePtr = Tcl_GetErrno(); dprintf("ERR(%d, %d) ", rc, *errorCodePtr); return(-1); } if (statePtr->flags & TLS_TCL_SERVER) { dprintf("This is an TLS server, checking the certificate for the peer"); err = SSL_get_verify_result(statePtr->ssl); if (err != X509_V_OK) { dprintf("Invalid certificate, returning in failure"); ................................................................................ Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err)); statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); } } *errorCodePtr = 0; return(0); } Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) { dprintf("Requested to get parent of channel %p", statePtr->self); if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) { dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL"); return(NULL); } return(Tcl_GetStackedChannel(statePtr->self)); } |
< | < < < < < | | > > | | | | | | < > | < | | < > | | | | | | | < > | < | | | > | | | | | | | | | | | | | | < | < < < | | | < < < < < < < < | | < > > | > > > > > > > > > > | | | | < | < < < < | | | | | | < > | | < > | < | | | < > | < < < | | | | < < > > > > < | | < | > | | | | | | | | | | | | | | | | | | | | | < | | | | | | | | | | < | | | | > | | | | | < | | | | | | | | < | | | | | | | < < < | > | | | | | | | < | | < | < < | | > > | | > > | | > | > > | | > > | > > > > > > > > > > | > > > > < < < < < | < > > > > > |
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 ... 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 ... 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 ... 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 ... 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 ... 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 ... 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 ... 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 |
* * Side effects: * Reads input from the input device of the channel. * *------------------------------------------------------------------- */ static int TlsInputProc(ClientData instanceData, char *buf, int bufSize, int *errorCodePtr) { State *statePtr = (State *) instanceData; int bytesRead; int tlsConnect; int err; *errorCodePtr = 0; dprintf("BIO_read(%d)", bufSize); if (statePtr->flags & TLS_TCL_CALLBACK) { /* don't process any bytes while verify callback is running */ dprintf("Callback is running, reading 0 bytes"); bytesRead = 0; return(0); } dprintf("Calling Tls_WaitForConnect"); tlsConnect = Tls_WaitForConnect(statePtr, errorCodePtr); if (tlsConnect < 0) { dprintf("Got an error (bytesRead = %i)", bytesRead); if (*errorCodePtr == ECONNRESET) { dprintf("Got connection reset"); /* Soft EOF */ *errorCodePtr = 0; bytesRead = 0; } return(bytesRead); } if (statePtr->flags & TLS_TCL_INIT) { statePtr->flags &= ~(TLS_TCL_INIT); } /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_read * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_read specially (as advised in the RSA docs). TLS's lower level BIO * functions play with the retry flags though, and this seems to work * correctly. Similar fix in TlsOutputProc. - hobbs */ ERR_clear_error(); bytesRead = BIO_read(statePtr->bio, buf, bufSize); dprintf("BIO_read -> %d", bytesRead); err = SSL_get_error(statePtr->ssl, bytesRead); if (BIO_should_retry(statePtr->bio)) { dprintf("I/O failed, will retry based on EAGAIN"); *errorCodePtr = EAGAIN; } switch (err) { case SSL_ERROR_NONE: dprintBuffer(buf, bytesRead); break; case SSL_ERROR_SSL: Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, bytesRead)); *errorCodePtr = ECONNABORTED; break; case SSL_ERROR_SYSCALL: dprintf("I/O error reading, treating it as EOF"); *errorCodePtr = 0; bytesRead = 0; break; } input: dprintf("Input(%d) -> %d [%d]", bufSize, bytesRead, *errorCodePtr); return bytesRead; } /* *------------------------------------------------------------------- * * TlsOutputProc -- * ................................................................................ * * Side effects: * Writes output on the output device of the channel. * *------------------------------------------------------------------- */ static int TlsOutputProc(ClientData instanceData, CONST char *buf, int toWrite, int *errorCodePtr) { State *statePtr = (State *) instanceData; int written, err; *errorCodePtr = 0; dprintf("BIO_write(%p, %d)", (void *) statePtr, toWrite); dprintBuffer(buf, toWrite); if (statePtr->flags & TLS_TCL_CALLBACK) { dprintf("Don't process output while callbacks are running") written = -1; *errorCodePtr = EAGAIN; return(-1); } dprintf("Calling Tls_WaitForConnect"); written = Tls_WaitForConnect(statePtr, errorCodePtr); if (written < 0) { dprintf("Tls_WaitForConnect returned %i (err = %i)", written, *errorCodePtr); return(-1); } if (toWrite == 0) { dprintf("zero-write"); BIO_flush(statePtr->bio); written = 0; *errorCodePtr = 0; return(0); } /* * We need to clear the SSL error stack now because we sometimes reach * this function with leftover errors in the stack. If BIO_write * returns -1 and intends EAGAIN, there is a leftover error, it will be * misconstrued as an error, not EAGAIN. * * Alternatively, we may want to handle the <0 return codes from * BIO_write specially (as advised in the RSA docs). TLS's lower level * BIO functions play with the retry flags though, and this seems to * work correctly. Similar fix in TlsInputProc. - hobbs */ ERR_clear_error(); written = BIO_write(statePtr->bio, buf, toWrite); dprintf("BIO_write(%p, %d) -> [%d]", (void *) statePtr, toWrite, written); err = SSL_get_error(statePtr->ssl, written); switch (err) { case SSL_ERROR_NONE: if (written < 0) { written = 0; } break; case SSL_ERROR_WANT_WRITE: dprintf(" write W BLOCK"); break; case SSL_ERROR_WANT_READ: dprintf(" write R BLOCK"); break; case SSL_ERROR_WANT_X509_LOOKUP: dprintf(" write X BLOCK"); break; case SSL_ERROR_ZERO_RETURN: dprintf(" closed"); written = 0; break; case SSL_ERROR_SYSCALL: *errorCodePtr = Tcl_GetErrno(); dprintf(" [%d] syscall errr: %d", written, *errorCodePtr); written = -1; break; case SSL_ERROR_SSL: Tls_Error(statePtr, TCLTLS_SSL_ERROR(statePtr->ssl, written)); *errorCodePtr = ECONNABORTED; written = -1; break; default: dprintf(" unknown err: %d", err); break; } output: dprintf("Output(%d) -> %d", toWrite, written); return(written); } /* *------------------------------------------------------------------- * * TlsGetOptionProc -- * ................................................................................ * Side effects: * May process the incoming event by itself. * *------------------------------------------------------------------- */ static int TlsNotifyProc(ClientData instanceData, int mask) { State *statePtr = (State *) instanceData; int errorCode; /* * An event occured in the underlying channel. This * transformation doesn't process such events thus returns the * incoming mask unchanged. */ if (statePtr->timer != (Tcl_TimerToken) NULL) { /* * Delete an existing timer. It was not fired, yet we are * here, so the channel below generated such an event and we * don't have to. The renewal of the interest after the * execution of channel handlers will eventually cause us to * recreate the timer (in WatchProc). */ Tcl_DeleteTimerHandler(statePtr->timer); statePtr->timer = (Tcl_TimerToken) NULL; } if (statePtr->flags & TLS_TCL_CALLBACK) { dprintf("Returning 0 due to callback"); return 0; } dprintf("Calling Tls_WaitForConnect"); errorCode = 0; if (Tls_WaitForConnect(statePtr, &errorCode) < 0) { if (errorCode == EAGAIN) { dprintf("Async flag could be set (didn't check) and errorCode == EAGAIN: Returning 0"); return 0; } dprintf("Tls_WaitForConnect returned an error"); } dprintf("Returning %i", mask); return(mask); } #if 0 /* *------------------------------------------------------* * * TlsChannelHandler -- ................................................................................ * * Result: * None. * *------------------------------------------------------* */ static void TlsChannelHandlerTimer(ClientData clientData) { State *statePtr = (State *) clientData; int mask = 0; dprintf("Called"); statePtr->timer = (Tcl_TimerToken) NULL; if (BIO_wpending(statePtr->bio)) { dprintf("[chan=%p] BIO writable", statePtr->self); mask |= TCL_WRITABLE; } if (BIO_pending(statePtr->bio)) { dprintf("[chan=%p] BIO readable", statePtr->self); mask |= TCL_READABLE; } dprintf("Notifying ourselves"); Tcl_NotifyChannel(statePtr->self, mask); dprintf("Returning"); return; } /* *------------------------------------------------------* * * Tls_WaitForConnect -- * ................................................................................ int Tls_WaitForConnect(State *statePtr, int *errorCodePtr) { unsigned long backingError; int err, rc; int bioShouldRetry; dprintf("WaitForConnect(%p)", (void *) statePtr); dprintFlags(statePtr); if (!(statePtr->flags & TLS_TCL_INIT)) { dprintf("Tls_WaitForConnect called on already initialized channel -- returning with immediate success"); *errorCodePtr = 0; return(0); } if (statePtr->flags & TLS_TCL_HANDSHAKE_FAILED) { /* * We choose ECONNRESET over ECONNABORTED here because some server * side code, on the wiki for example, sets up a read handler that * does a read and if eof closes the channel. There is no catch/try * around the reads so exceptions will result in potentially many ................................................................................ rc = SSL_get_error(statePtr->ssl, err); dprintf("Got error: %i (rc = %i)", err, rc); bioShouldRetry = 0; if (err <= 0) { if (rc == SSL_ERROR_WANT_CONNECT || rc == SSL_ERROR_WANT_ACCEPT || rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) { bioShouldRetry = 1; } else if (BIO_should_retry(statePtr->bio)) { bioShouldRetry = 1; } } else { if (!SSL_is_init_finished(statePtr->ssl)) { bioShouldRetry = 1; } } if (bioShouldRetry) { dprintf("The I/O did not complete -- but we should try it again"); if (statePtr->flags & TLS_TCL_ASYNC) { dprintf("Returning EAGAIN so that it can be retried later"); ................................................................................ switch (rc) { case SSL_ERROR_NONE: /* The connection is up, we are done here */ dprintf("The connection is up"); break; case SSL_ERROR_ZERO_RETURN: dprintf("SSL_ERROR_ZERO_RETURN: Connect returned an invalid value...") return(-1); case SSL_ERROR_SYSCALL: backingError = ERR_get_error(); dprintf("I/O error occured"); if (backingError == 0 && err == 0) { dprintf("EOF reached") } statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNRESET; return(-1); case SSL_ERROR_SSL: dprintf("Got permanent fatal SSL error, aborting immediately"); Tls_Error(statePtr, (char *)ERR_reason_error_string(ERR_get_error())); statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); case SSL_ERROR_WANT_CONNECT: case SSL_ERROR_WANT_ACCEPT: case SSL_ERROR_WANT_X509_LOOKUP: default: dprintf("We got a confusing reply: %i", rc); *errorCodePtr = Tcl_GetErrno(); dprintf("ERR(%d, %d) ", rc, *errorCodePtr); return(-1); } if (statePtr->flags & TLS_TCL_SERVER) { dprintf("This is an TLS server, checking the certificate for the peer"); err = SSL_get_verify_result(statePtr->ssl); if (err != X509_V_OK) { dprintf("Invalid certificate, returning in failure"); ................................................................................ Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err)); statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED; *errorCodePtr = ECONNABORTED; return(-1); } } dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake"); statePtr->flags &= ~TLS_TCL_INIT; dprintf("Returning in success"); *errorCodePtr = 0; return(0); } Tcl_Channel Tls_GetParent(State *statePtr, int maskFlags) { dprintf("Requested to get parent of channel %p", statePtr->self); if ((statePtr->flags & ~maskFlags) & TLS_TCL_FASTPATH) { dprintf("Asked to get the parent channel while we are using FastPath -- returning NULL"); return(NULL); } return(Tcl_GetStackedChannel(statePtr->self)); } |