Skip to content

Commit

Permalink
tls: openssl: fix handling of noisy non TLS errors
Browse files Browse the repository at this point in the history 
Signed-off-by: Eduardo Silva <[email protected]>
  • Loading branch information
@edsiper
edsiper committed Jul 4, 2024
1 parent a3c66ed commit 66970cb
Showing 1 changed file with 39 additions and 22 deletions.
61 changes: 39 additions & 22 deletions src/tls/openssl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ int tls_context_alpn_set(void *ctx_backend, const char *alpn)
result = 0;

if (alpn != NULL) {
wire_format_alpn = flb_calloc(strlen(alpn),
wire_format_alpn = flb_calloc(strlen(alpn),
sizeof(char) + 1);

if (wire_format_alpn == NULL) {
Expand All @@ -163,15 +163,15 @@ int tls_context_alpn_set(void *ctx_backend, const char *alpn)

if (alpn_working_copy == NULL) {
flb_free(wire_format_alpn);

return -1;
}

wire_format_alpn_index = 1;
alpn_token_context = NULL;

alpn_token = strtok_r(alpn_working_copy,
",",
alpn_token = strtok_r(alpn_working_copy,
",",
&alpn_token_context);

while (alpn_token != NULL) {
Expand All @@ -183,8 +183,8 @@ int tls_context_alpn_set(void *ctx_backend, const char *alpn)

wire_format_alpn_index += strlen(alpn_token) + 1;

alpn_token = strtok_r(NULL,
",",
alpn_token = strtok_r(NULL,
",",
&alpn_token_context);
}

Expand Down Expand Up @@ -220,8 +220,8 @@ static int tls_context_server_alpn_select_callback(SSL *ssl,
if (ctx->alpn != NULL) {
result = SSL_select_next_proto((unsigned char **) out,
outlen,
&ctx->alpn[1],
(unsigned int) ctx->alpn[0],
&ctx->alpn[1],
(unsigned int) ctx->alpn[0],
in,
inlen);

Expand All @@ -235,7 +235,7 @@ static int tls_context_server_alpn_select_callback(SSL *ssl,

return result;
}

#ifdef _MSC_VER
static int windows_load_system_certificates(struct tls_context *ctx)
{
Expand Down Expand Up @@ -305,7 +305,7 @@ static int load_system_certificates(struct tls_context *ctx)
}
return 0;
}

static void *tls_context_create(int verify,
int debug,
int mode,
Expand Down Expand Up @@ -369,8 +369,8 @@ static void *tls_context_create(int verify,
pthread_mutex_init(&ctx->mutex, NULL);

if (mode == FLB_TLS_SERVER_MODE) {
SSL_CTX_set_alpn_select_cb(ssl_ctx,
tls_context_server_alpn_select_callback,
SSL_CTX_set_alpn_select_cb(ssl_ctx,
tls_context_server_alpn_select_callback,
ctx);
}

Expand Down Expand Up @@ -578,6 +578,8 @@ static int tls_net_write(struct flb_tls_session *session,
const void *data, size_t len)
{
int ret;
int ssl_ret;
int err_code;
char err_buf[256];
size_t total = 0;
struct tls_context *ctx;
Expand All @@ -601,18 +603,28 @@ static int tls_net_write(struct flb_tls_session *session,
len - total);

if (ret <= 0) {
ret = SSL_get_error(backend_session->ssl, ret);
ssl_ret = SSL_get_error(backend_session->ssl, ret);

if (ret == SSL_ERROR_WANT_WRITE) {
if (ssl_ret == SSL_ERROR_WANT_WRITE) {
ret = FLB_TLS_WANT_WRITE;
}
else if (ret == SSL_ERROR_WANT_READ) {
else if (ssl_ret == SSL_ERROR_WANT_READ) {
ret = FLB_TLS_WANT_READ;
}
else if (ret == SSL_ERROR_SYSCALL) {
flb_errno();
ERR_error_string_n(ret, err_buf, sizeof(err_buf)-1);
flb_error("[tls] syscall error: %s", err_buf);
else if (ssl_ret == SSL_ERROR_SYSCALL) {
if (ERR_get_error() == 0) {
if (ret == 0) {
flb_debug("[tls] connection closed");
}
else {
flb_error("[tls] syscall error: %s", strerror(errno));
}
}
else {
err_code = ERR_get_error();
ERR_error_string_n(err_code, err_buf, sizeof(err_buf) - 1);
flb_error("[tls] syscall error: %s", err_buf);
}

/* According to the documentation these are non-recoverable
* errors so we don't need to screen them before saving them
Expand All @@ -624,9 +636,14 @@ static int tls_net_write(struct flb_tls_session *session,
ret = -1;
}
else {
ERR_error_string_n(ret, err_buf, sizeof(err_buf)-1);
flb_error("[tls] error: %s", err_buf);

err_code = ERR_get_error();
if (err_code == 0) {
flb_error("[tls] unknown error");
}
else {
ERR_error_string_n(err_code, err_buf, sizeof(err_buf) - 1);
flb_error("[tls] error: %s", err_buf);
}
ret = -1;
}
}
Expand Down

0 comments on commit 66970cb

Please sign in to comment.