Beispiel #1
0
void
SecureSocket::checkResult(int status, int& retry)
{
	// ssl errors are a little quirky. the "want" errors are normal and
	// should result in a retry.

	int errorCode = SSL_get_error(m_ssl->m_ssl, status);

	switch (errorCode) {
	case SSL_ERROR_NONE:
		retry = 0;
		// operation completed
		break;

	case SSL_ERROR_ZERO_RETURN:
		// connection closed
		isFatal(true);
		LOG((CLOG_DEBUG "ssl connection closed"));
		break;

	case SSL_ERROR_WANT_READ:
	case SSL_ERROR_WANT_WRITE:
	case SSL_ERROR_WANT_CONNECT:
	case SSL_ERROR_WANT_ACCEPT:
		// it seems like these sort of errors are part of openssl's normal behavior,
		// so we should expect a very high amount of these. sleeping doesn't seem to
		// help... maybe you just have to swallow the errors (yuck).
		retry++;
		LOG((CLOG_DEBUG2 "passive ssl error, error=%d, attempt=%d", errorCode, retry));
		break;

	case SSL_ERROR_SYSCALL:
		LOG((CLOG_ERR "ssl error occurred (system call failure)"));
		if (ERR_peek_error() == 0) {
			if (status == 0) {
				LOG((CLOG_ERR "eof violates ssl protocol"));
			}
			else if (status == -1) {
				// underlying socket I/O reproted an error
				try {
					ARCH->throwErrorOnSocket(getSocket());
				}
				catch (XArchNetwork& e) {
					LOG((CLOG_ERR "%s", e.what()));
				}
			}
		}

		isFatal(true);
		break;

	case SSL_ERROR_SSL:
		LOG((CLOG_ERR "ssl error occurred (generic failure)"));
		isFatal(true);
		break;

	default:
		LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
		isFatal(true);
		break;
	}

	// If the retry max would exceed the allowed, treat it as a fatal error
	if (retry > maxRetry()) {
		LOG((CLOG_ERR "passive ssl error limit exceeded: %d", retry));
		isFatal(true);
	}

	if (isFatal()) {
		retry = 0;
		showError();
		disconnect();
	}
}
Beispiel #2
0
void
SecureSocket::checkResult(int status, int& retry)
{
	// ssl errors are a little quirky. the "want" errors are normal and
	// should result in a retry.

	int errorCode = SSL_get_error(m_ssl->m_ssl, status);

	switch (errorCode) {
	case SSL_ERROR_NONE:
		retry = 0;
		// operation completed
		break;

	case SSL_ERROR_ZERO_RETURN:
		// connection closed
		isFatal(true);
		LOG((CLOG_DEBUG "ssl connection closed"));
		break;

	case SSL_ERROR_WANT_READ:
		retry++;
		LOG((CLOG_DEBUG2 "want to read, error=%d, attempt=%d", errorCode, retry));
		break;

	case SSL_ERROR_WANT_WRITE:
		// Need to make sure the socket is known to be writable so the impending
		// select action actually triggers on a write. This isn't necessary for 
		// m_readable because the socket logic is always readable
		m_writable = true;
		retry++;
		LOG((CLOG_DEBUG2 "want to write, error=%d, attempt=%d", errorCode, retry));
		break;

	case SSL_ERROR_WANT_CONNECT:
		retry++;
		LOG((CLOG_DEBUG2 "want to connect, error=%d, attempt=%d", errorCode, retry));
		break;

	case SSL_ERROR_WANT_ACCEPT:
		retry++;
		LOG((CLOG_DEBUG2 "want to accept, error=%d, attempt=%d", errorCode, retry));
		break;

	case SSL_ERROR_SYSCALL:
		LOG((CLOG_ERR "ssl error occurred (system call failure)"));
		if (ERR_peek_error() == 0) {
			if (status == 0) {
				LOG((CLOG_ERR "eof violates ssl protocol"));
			}
			else if (status == -1) {
				// underlying socket I/O reproted an error
				try {
					ARCH->throwErrorOnSocket(getSocket());
				}
				catch (XArchNetwork& e) {
					LOG((CLOG_ERR "%s", e.what()));
				}
			}
		}

		isFatal(true);
		break;

	case SSL_ERROR_SSL:
		LOG((CLOG_ERR "ssl error occurred (generic failure)"));
		isFatal(true);
		break;

	default:
		LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
		isFatal(true);
		break;
	}

	// If the retry max would exceed the allowed, treat it as a fatal error
	if (retry > maxRetry()) {
		LOG((CLOG_ERR "passive ssl error limit exceeded: %d", retry));
		isFatal(true);
	}

	if (isFatal()) {
		retry = 0;
		showError();
		disconnect();
	}
}