void
SecureSocket::checkResult(int status, int& retry)
{
// ssl errors are a little quirky. the "want" errors are normal and
// should result in a retry.
int errorCode = SSL_get_error(m_ssl->m_ssl, status);
switch (errorCode) {
case SSL_ERROR_NONE:
retry = 0;
// operation completed
break;
case SSL_ERROR_ZERO_RETURN:
// connection closed
isFatal(true);
LOG((CLOG_DEBUG "ssl connection closed"));
break;
case SSL_ERROR_WANT_READ:
case SSL_ERROR_WANT_WRITE:
case SSL_ERROR_WANT_CONNECT:
case SSL_ERROR_WANT_ACCEPT:
// it seems like these sort of errors are part of openssl's normal behavior,
// so we should expect a very high amount of these. sleeping doesn't seem to
// help... maybe you just have to swallow the errors (yuck).
retry++;
LOG((CLOG_DEBUG2 "passive ssl error, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_SYSCALL:
LOG((CLOG_ERR "ssl error occurred (system call failure)"));
if (ERR_peek_error() == 0) {
if (status == 0) {
LOG((CLOG_ERR "eof violates ssl protocol"));
}
else if (status == -1) {
// underlying socket I/O reproted an error
try {
ARCH->throwErrorOnSocket(getSocket());
}
catch (XArchNetwork& e) {
LOG((CLOG_ERR "%s", e.what()));
}
}
}
isFatal(true);
break;
case SSL_ERROR_SSL:
LOG((CLOG_ERR "ssl error occurred (generic failure)"));
isFatal(true);
break;
default:
LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
isFatal(true);
break;
}
// If the retry max would exceed the allowed, treat it as a fatal error
if (retry > maxRetry()) {
LOG((CLOG_ERR "passive ssl error limit exceeded: %d", retry));
isFatal(true);
}
if (isFatal()) {
retry = 0;
showError();
disconnect();
}
}
void
SecureSocket::checkResult(int status, int& retry)
{
// ssl errors are a little quirky. the "want" errors are normal and
// should result in a retry.
int errorCode = SSL_get_error(m_ssl->m_ssl, status);
switch (errorCode) {
case SSL_ERROR_NONE:
retry = 0;
// operation completed
break;
case SSL_ERROR_ZERO_RETURN:
// connection closed
isFatal(true);
LOG((CLOG_DEBUG "ssl connection closed"));
break;
case SSL_ERROR_WANT_READ:
retry++;
LOG((CLOG_DEBUG2 "want to read, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_WRITE:
// Need to make sure the socket is known to be writable so the impending
// select action actually triggers on a write. This isn't necessary for
// m_readable because the socket logic is always readable
m_writable = true;
retry++;
LOG((CLOG_DEBUG2 "want to write, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_CONNECT:
retry++;
LOG((CLOG_DEBUG2 "want to connect, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_WANT_ACCEPT:
retry++;
LOG((CLOG_DEBUG2 "want to accept, error=%d, attempt=%d", errorCode, retry));
break;
case SSL_ERROR_SYSCALL:
LOG((CLOG_ERR "ssl error occurred (system call failure)"));
if (ERR_peek_error() == 0) {
if (status == 0) {
LOG((CLOG_ERR "eof violates ssl protocol"));
}
else if (status == -1) {
// underlying socket I/O reproted an error
try {
ARCH->throwErrorOnSocket(getSocket());
}
catch (XArchNetwork& e) {
LOG((CLOG_ERR "%s", e.what()));
}
}
}
isFatal(true);
break;
case SSL_ERROR_SSL:
LOG((CLOG_ERR "ssl error occurred (generic failure)"));
isFatal(true);
break;
default:
LOG((CLOG_ERR "ssl error occurred (unknown failure)"));
isFatal(true);
break;
}
// If the retry max would exceed the allowed, treat it as a fatal error
if (retry > maxRetry()) {
LOG((CLOG_ERR "passive ssl error limit exceeded: %d", retry));
isFatal(true);
}
if (isFatal()) {
retry = 0;
showError();
disconnect();
}
}
