[exim-cvs] OpenSSL: clearer log message for TCP conn close a…

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] OpenSSL: clearer log message for TCP conn close at SSL_accept
Gitweb: https://git.exim.org/exim.git/commitdiff/c31e16a54f91476ce97ccd4d53a18c5bced1b320
Commit:     c31e16a54f91476ce97ccd4d53a18c5bced1b320
Parent:     9b62f401ae723894ac123c555a02390e061d24e6
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Tue Oct 1 14:01:00 2019 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Tue Oct 1 17:05:55 2019 +0100


    OpenSSL: clearer log message for TCP conn close at SSL_accept
---
 src/src/tls-openssl.c | 37 +++++++++++++++++++++++++++++++++++--
 test/log/2111         |  2 +-
 2 files changed, 36 insertions(+), 3 deletions(-)


diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index d165eb2..e072406 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -2630,8 +2630,41 @@ ALARM_CLR(0);

 if (rc <= 0)
   {
-  (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
-  return FAIL;
+  int error = SSL_get_error(server_ssl, rc);
+  switch(error)
+    {
+    case SSL_ERROR_NONE:
+      break;
+
+    case SSL_ERROR_ZERO_RETURN:
+      DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n");
+      (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+
+      if (SSL_get_shutdown(server_ssl) == SSL_RECEIVED_SHUTDOWN)
+        SSL_shutdown(server_ssl);
+
+      tls_close(NULL, TLS_NO_SHUTDOWN);
+      return FAIL;
+
+    /* Handle genuine errors */
+    case SSL_ERROR_SSL:
+      (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+      return FAIL;
+
+    default:
+      DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
+      if (error == SSL_ERROR_SYSCALL)
+    {
+    if (!errno)
+      {
+      *errstr = US"SSL_accept: TCP connection closed by peer";
+      return FAIL;
+      }
+    DEBUG(D_tls) debug_printf(" - syscall %s\n", strerror(errno));
+    }
+      (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr);
+      return FAIL;
+    }
   }


DEBUG(D_tls) debug_printf("SSL_accept was successful\n");
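Review bot: The `default:` branch picks between "TCP connection closed by peer" and a syscall failure by testing `errno`, but by then `SSL_get_error()` and a `debug_printf()` have already run, and the hunk does not show errno being zeroed before SSL_accept (the call, like the rest of the enclosing function, is outside the hunk). A stale or overwritten value would misclassify the event in the log, which matters when these lines are used to tell handshake-time disconnects from genuine TLS faults. Capture the value as the first statement inside `if (rc <= 0)`, e.g. `int accept_errno = errno;`, then use `if (!accept_errno)` and `strerror(accept_errno)` below. Separately, `case SSL_ERROR_NONE: break;` leaves the switch with rc <= 0 and continues to the "SSL_accept was successful" path; it should be unreachable for a non-positive rc, but failing closed with `return FAIL;` there is the safer choice.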
diff --git a/test/log/2111 b/test/log/2111
index 280a02d..d642c04 100644
--- a/test/log/2111
+++ b/test/log/2111
@@ -8,5 +8,5 @@

******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] (SSL_accept): error: <<detail omitted>>
+1999-03-02 09:44:33 TLS error on connection from the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] SSL_accept: TCP connection closed by peer
1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=localhost (myhost.test.ex) [127.0.0.1] P=esmtps X=TLS1.x:AES256-SHA:256 CV=yes DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" S=sss id=E10HmaX-0005vi-00@???