Skip to content

Commit

Permalink
Wrap OpenSSL errors in Mongoose log
Browse files Browse the repository at this point in the history
  • Loading branch information
scaprile committed Nov 6, 2023
1 parent a619de0 commit 1f77e53
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 14 deletions.
20 changes: 13 additions & 7 deletions mongoose.c
Original file line number Diff line number Diff line change
Expand Up @@ -7766,7 +7766,13 @@ void mg_tls_ctx_free(struct mg_mgr *mgr) {


#if MG_TLS == MG_TLS_OPENSSL
static int mg_tls_err(struct mg_tls *tls, int res) {
static int tls_err_cb(const char *s, size_t len, void *c) {
int n = (int) len - 1;
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
return 0; // undocumented
}

static int mg_tls_err(struct mg_connection *c, struct mg_tls *tls, int res) {
int err = SSL_get_error(tls->ssl, res);
// We've just fetched the last error from the queue.
// Now we need to clear the error queue. If we do not, then the following
Expand All @@ -7777,7 +7783,7 @@ static int mg_tls_err(struct mg_tls *tls, int res) {
// Thus a single errored connection can close all the rest, unrelated ones.
// Clearing the error keeps the shared SSL_CTX in an OK state.

if (err != 0) ERR_print_errors_fp(stderr);
if (err != 0) ERR_print_errors_cb(tls_err_cb, c);
ERR_clear_error();
if (err == SSL_ERROR_WANT_READ) return 0;
if (err == SSL_ERROR_WANT_WRITE) return 0;
Expand Down Expand Up @@ -7871,7 +7877,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
rc = cert == NULL ? 0 : SSL_use_certificate(tls->ssl, cert);
X509_free(cert);
if (cert == NULL || rc != 1) {
mg_error(c, "CERT err %d", mg_tls_err(tls, rc));
mg_error(c, "CERT err %d", mg_tls_err(c, tls, rc));
goto fail;
}
}
Expand All @@ -7880,7 +7886,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
rc = key == NULL ? 0 : SSL_use_PrivateKey(tls->ssl, key);
EVP_PKEY_free(key);
if (key == NULL || rc != 1) {
mg_error(c, "KEY err %d", mg_tls_err(tls, rc));
mg_error(c, "KEY err %d", mg_tls_err(c, tls, rc));
goto fail;
}
}
Expand Down Expand Up @@ -7919,7 +7925,7 @@ void mg_tls_handshake(struct mg_connection *c) {
c->is_tls_hs = 0;
mg_call(c, MG_EV_TLS_HS, NULL);
} else {
int code = mg_tls_err(tls, rc);
int code = mg_tls_err(c, tls, rc);
if (code != 0) mg_error(c, "tls hs: rc %d, err %d", rc, code);
}
}
Expand All @@ -7941,15 +7947,15 @@ size_t mg_tls_pending(struct mg_connection *c) {
long mg_tls_recv(struct mg_connection *c, void *buf, size_t len) {
struct mg_tls *tls = (struct mg_tls *) c->tls;
int n = SSL_read(tls->ssl, buf, (int) len);
if (n < 0 && mg_tls_err(tls, n) == 0) return MG_IO_WAIT;
if (n < 0 && mg_tls_err(c, tls, n) == 0) return MG_IO_WAIT;
if (n <= 0) return MG_IO_ERR;
return n;
}

long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
struct mg_tls *tls = (struct mg_tls *) c->tls;
int n = SSL_write(tls->ssl, buf, (int) len);
if (n < 0 && mg_tls_err(tls, n) == 0) return MG_IO_WAIT;
if (n < 0 && mg_tls_err(c, tls, n) == 0) return MG_IO_WAIT;
if (n <= 0) return MG_IO_ERR;
return n;
}
Expand Down
20 changes: 13 additions & 7 deletions src/tls_openssl.c
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,13 @@
#include "tls.h"

#if MG_TLS == MG_TLS_OPENSSL
static int mg_tls_err(struct mg_tls *tls, int res) {
static int tls_err_cb(const char *s, size_t len, void *c) {
int n = (int) len - 1;
MG_ERROR(("%lu %.*s", ((struct mg_connection *) c)->id, n, s));
return 0; // undocumented
}

static int mg_tls_err(struct mg_connection *c, struct mg_tls *tls, int res) {
int err = SSL_get_error(tls->ssl, res);
// We've just fetched the last error from the queue.
// Now we need to clear the error queue. If we do not, then the following
Expand All @@ -13,7 +19,7 @@ static int mg_tls_err(struct mg_tls *tls, int res) {
// Thus a single errored connection can close all the rest, unrelated ones.
// Clearing the error keeps the shared SSL_CTX in an OK state.

if (err != 0) ERR_print_errors_fp(stderr);
if (err != 0) ERR_print_errors_cb(tls_err_cb, c);
ERR_clear_error();
if (err == SSL_ERROR_WANT_READ) return 0;
if (err == SSL_ERROR_WANT_WRITE) return 0;
Expand Down Expand Up @@ -107,7 +113,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
rc = cert == NULL ? 0 : SSL_use_certificate(tls->ssl, cert);
X509_free(cert);
if (cert == NULL || rc != 1) {
mg_error(c, "CERT err %d", mg_tls_err(tls, rc));
mg_error(c, "CERT err %d", mg_tls_err(c, tls, rc));
goto fail;
}
}
Expand All @@ -116,7 +122,7 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
rc = key == NULL ? 0 : SSL_use_PrivateKey(tls->ssl, key);
EVP_PKEY_free(key);
if (key == NULL || rc != 1) {
mg_error(c, "KEY err %d", mg_tls_err(tls, rc));
mg_error(c, "KEY err %d", mg_tls_err(c, tls, rc));
goto fail;
}
}
Expand Down Expand Up @@ -155,7 +161,7 @@ void mg_tls_handshake(struct mg_connection *c) {
c->is_tls_hs = 0;
mg_call(c, MG_EV_TLS_HS, NULL);
} else {
int code = mg_tls_err(tls, rc);
int code = mg_tls_err(c, tls, rc);
if (code != 0) mg_error(c, "tls hs: rc %d, err %d", rc, code);
}
}
Expand All @@ -177,15 +183,15 @@ size_t mg_tls_pending(struct mg_connection *c) {
long mg_tls_recv(struct mg_connection *c, void *buf, size_t len) {
struct mg_tls *tls = (struct mg_tls *) c->tls;
int n = SSL_read(tls->ssl, buf, (int) len);
if (n < 0 && mg_tls_err(tls, n) == 0) return MG_IO_WAIT;
if (n < 0 && mg_tls_err(c, tls, n) == 0) return MG_IO_WAIT;
if (n <= 0) return MG_IO_ERR;
return n;
}

long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
struct mg_tls *tls = (struct mg_tls *) c->tls;
int n = SSL_write(tls->ssl, buf, (int) len);
if (n < 0 && mg_tls_err(tls, n) == 0) return MG_IO_WAIT;
if (n < 0 && mg_tls_err(c, tls, n) == 0) return MG_IO_WAIT;
if (n <= 0) return MG_IO_ERR;
return n;
}
Expand Down

0 comments on commit 1f77e53

Please sign in to comment.