[dovecot-cvs] dovecot/src/login-common common.h,1.1,1.2 main.c,1.5,1.6 ssl-proxy-gnutls.c,1.3,1.4 ssl-proxy-openssl.c,1.7,1.8 ssl-proxy.h,1.1,1.2

cras at procontrol.fi cras at procontrol.fi
Sun Feb 23 21:44:49 EET 2003


Update of /home/cvs/dovecot/src/login-common
In directory danu:/tmp/cvs-serv7098/login-common

Modified Files:
	common.h main.c ssl-proxy-gnutls.c ssl-proxy-openssl.c 
	ssl-proxy.h 
Log Message:
Added setting verbose_ssl



Index: common.h
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/common.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- common.h	28 Jan 2003 21:35:26 -0000	1.1
+++ common.h	23 Feb 2003 19:44:47 -0000	1.2
@@ -5,6 +5,7 @@
 #include "../auth/auth-login-interface.h"
 
 extern int disable_plaintext_auth, process_per_connection, verbose_proctitle;
+extern int verbose_ssl;
 extern unsigned int max_logging_users;
 extern unsigned int login_process_uid;
 

Index: main.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/main.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- main.c	23 Feb 2003 10:45:46 -0000	1.5
+++ main.c	23 Feb 2003 19:44:47 -0000	1.6
@@ -16,6 +16,7 @@
 #include <syslog.h>
 
 int disable_plaintext_auth, process_per_connection, verbose_proctitle;
+int verbose_ssl;
 unsigned int max_logging_users;
 unsigned int login_process_uid;
 
@@ -119,7 +120,7 @@
 	if (process_per_connection)
 		main_close_listen();
 
-	fd_ssl = ssl_proxy_new(fd);
+	fd_ssl = ssl_proxy_new(fd, &ip);
 	if (fd_ssl == -1)
 		net_disconnect(fd);
 	else
@@ -163,7 +164,8 @@
 
 	disable_plaintext_auth = getenv("DISABLE_PLAINTEXT_AUTH") != NULL;
 	process_per_connection = getenv("PROCESS_PER_CONNECTION") != NULL;
-        verbose_proctitle = getenv("VERBOSE_PROCTITLE") != NULL;
+	verbose_proctitle = getenv("VERBOSE_PROCTITLE") != NULL;
+        verbose_ssl = getenv("VERBOSE_SSL") != NULL;
 
 	value = getenv("MAX_LOGGING_USERS");
 	max_logging_users = value == NULL ? 0 : strtoul(value, NULL, 10);
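Review bot: The new `verbose_ssl` assignment on the last added line is indented with eight spaces, while the same hunk converts the `verbose_proctitle` line directly above it from spaces to a tab, so the whitespace fix is undone on the very next line. Indent it with a tab like the surrounding lines: `verbose_ssl = getenv("VERBOSE_SSL") != NULL;` with a leading tab. The enclosing function starts and ends outside the hunk.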

Index: ssl-proxy-gnutls.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-gnutls.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ssl-proxy-gnutls.c	23 Feb 2003 10:53:21 -0000	1.3
+++ ssl-proxy-gnutls.c	23 Feb 2003 19:44:47 -0000	1.4
@@ -19,6 +19,8 @@
 	int refcount;
 
 	gnutls_session session;
+	struct ip_addr ip;
+
 	int fd_ssl, fd_plain;
 	struct io *io_ssl, *io_plain;
 	int io_ssl_dir;
@@ -60,20 +62,32 @@
 static int handle_ssl_error(struct ssl_proxy *proxy, int error)
 {
 	if (!gnutls_error_is_fatal(error)) {
+		if (!verbose_ssl)
+			return 0;
+
 		if (error == GNUTLS_E_WARNING_ALERT_RECEIVED) {
-			i_warning("Received SSL warning alert: %s",
-				  get_alert_text(proxy));
+			i_warning("Received SSL warning alert: %s [%s]",
+				  get_alert_text(proxy),
+				  net_ip2host(&proxy->ip));
+		} else {
+			i_warning("Non-fatal SSL error: %s: %s",
+				  get_alert_text(proxy),
+				  net_ip2host(&proxy->ip));
 		}
 		return 0;
 	}
 
-	/* fatal error occured */
-	if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) {
-		i_warning("Received SSL fatal alert: %s",
-			  get_alert_text(proxy));
-	} else {
-		i_warning("Error reading from SSL client: %s",
-			  gnutls_strerror(error));
+	if (verbose_ssl) {
+		/* fatal error occured */
+		if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+			i_warning("Received SSL fatal alert: %s [%s]",
+				  get_alert_text(proxy),
+				  net_ip2host(&proxy->ip));
+		} else {
+			i_warning("Error reading from SSL client: %s [%s]",
+				  gnutls_strerror(error),
+				  net_ip2host(&proxy->ip));
+		}
 	}
 
         gnutls_alert_send_appropriate(proxy->session, error);
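Review bot: In the new `else` branch for non-fatal errors that are not warning alerts, the message text comes from `get_alert_text(proxy)`, which takes the proxy rather than `error` and so presumably describes the last alert received on the session, not the error being handled; for a non-alert error that text is likely stale or unrelated, and the fatal path below already uses `gnutls_strerror(error)` for exactly this situation. The format string also differs from every other message in this function, which puts the address in brackets. Suggest `i_warning("Non-fatal SSL error: %s [%s]", gnutls_strerror(error), net_ip2host(&proxy->ip));`. Minor: the re-indented comment `/* fatal error occured */` should read `occurred`.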
@@ -290,7 +304,7 @@
 	return session;
 }
 
-int ssl_proxy_new(int fd)
+int ssl_proxy_new(int fd, struct ip_addr *ip)
 {
         struct ssl_proxy *proxy;
 	gnutls_session session;
@@ -316,6 +330,7 @@
 	proxy->session = session;
 	proxy->fd_ssl = fd;
 	proxy->fd_plain = sfd[0];
+	proxy->ip = *ip;
 
 	proxy->refcount++;
 	ssl_handshake(proxy);

Index: ssl-proxy-openssl.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- ssl-proxy-openssl.c	23 Feb 2003 13:13:09 -0000	1.7
+++ ssl-proxy-openssl.c	23 Feb 2003 19:44:47 -0000	1.8
@@ -24,6 +24,7 @@
 	int refcount;
 
 	SSL *ssl;
+	struct ip_addr ip;
         enum ssl_state state;
 
 	int fd_ssl, fd_plain;
@@ -150,9 +151,12 @@
 	return buf;
 }
 
-static void ssl_handle_error(struct ssl_proxy *proxy, int err, const char *func)
+static void ssl_handle_error(struct ssl_proxy *proxy, int ret, const char *func)
 {
-	err = SSL_get_error(proxy->ssl, err);
+	const char *errstr;
+	int err;
+
+	err = SSL_get_error(proxy->ssl, ret);
 
 	switch (err) {
 	case SSL_ERROR_WANT_READ:
@@ -163,7 +167,19 @@
 		break;
 	case SSL_ERROR_SYSCALL:
 		/* eat up the error queue */
-		/*i_warning("%s failed: %s", func, ssl_last_error());*/
+		if (verbose_ssl) {
+			if (ERR_peek_error() != 0)
+				errstr = ssl_last_error();
+			else {
+				if (ret == 0)
+					errstr = "EOF";
+				else
+					errstr = strerror(errno);
+			}
+
+			i_warning("%s syscall failed: %s [%s]",
+				  func, errstr, net_ip2host(&proxy->ip));
+		}
 		ssl_proxy_destroy(proxy);
 		break;
 	case SSL_ERROR_ZERO_RETURN:
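Review bot: `strerror(errno)` in the SSL_ERROR_SYSCALL branch reads errno only after `SSL_get_error()`, the `verbose_ssl` check and `ERR_peek_error()` have run; if any of those touches errno, the logged reason is wrong. Capturing it once at function entry, `int saved_errno = errno;` next to the new `errstr`/`err` declarations in the previous hunk, and using `strerror(saved_errno)` here keeps the value the failing call set. It is also not visible in this diff whether the file already includes `<errno.h>` and `<string.h>`, which `errno` and `strerror` need. ssl_handle_error begins in the previous hunk and its switch continues past this one.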
@@ -171,12 +187,15 @@
 		ssl_proxy_destroy(proxy);
 		break;
 	case SSL_ERROR_SSL:
-		/*i_warning("%s failed: %s", func, ssl_last_error());*/
+		if (verbose_ssl) {
+			i_warning("%s failed: %s [%s]", func, ssl_last_error(),
+				  net_ip2host(&proxy->ip));
+		}
 		ssl_proxy_destroy(proxy);
 		break;
 	default:
-		i_warning("%s failed: unknown failure %d (%s)",
-			  func, err, ssl_last_error());
+		i_warning("%s failed: unknown failure %d (%s) [%s]",
+			  func, err, ssl_last_error(), net_ip2host(&proxy->ip));
 		ssl_proxy_destroy(proxy);
 		break;
 	}
@@ -272,7 +291,7 @@
         proxy->io_ssl_dir = dir;
 }
 
-int ssl_proxy_new(int fd)
+int ssl_proxy_new(int fd, struct ip_addr *ip)
 {
 	struct ssl_proxy *proxy;
 	SSL *ssl;
@@ -307,6 +326,7 @@
 	proxy->ssl = ssl;
 	proxy->fd_ssl = fd;
 	proxy->fd_plain = sfd[0];
+	proxy->ip = *ip;
 
 	proxy->state = SSL_STATE_HANDSHAKE;
 	ssl_set_direction(proxy, IO_READ);

Index: ssl-proxy.h
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- ssl-proxy.h	28 Jan 2003 21:35:26 -0000	1.1
+++ ssl-proxy.h	23 Feb 2003 19:44:47 -0000	1.2
@@ -1,12 +1,14 @@
 #ifndef __SSL_PROXY_H
 #define __SSL_PROXY_H
 
+struct ip_addr;
+
 extern int ssl_initialized;
 
 /* establish SSL connection with the given fd, returns a new fd which you
    must use from now on, or -1 if error occured. Unless -1 is returned,
    the given fd must be simply forgotten. */
-int ssl_proxy_new(int fd);
+int ssl_proxy_new(int fd, struct ip_addr *ip);
 
 void ssl_proxy_init(void);
 void ssl_proxy_deinit(void);
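Review bot: The new `ip` parameter is only read — both the GnuTLS and OpenSSL `ssl_proxy_new` copy `*ip` into the proxy and do not retain the pointer — so the prototype can be `int ssl_proxy_new(int fd, const struct ip_addr *ip);` with the two definitions in ssl-proxy-gnutls.c and ssl-proxy-openssl.c changed to match. The comment above the prototype should also document the new argument, since both implementations dereference it unconditionally: `ip is copied into the proxy and used only for logging (presumably the peer address); it must not be NULL.`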



