[dovecot-cvs] dovecot/src/login-common common.h,1.1,1.2 main.c,1.5,1.6 ssl-proxy-gnutls.c,1.3,1.4 ssl-proxy-openssl.c,1.7,1.8 ssl-proxy.h,1.1,1.2
cras at procontrol.fi
cras at procontrol.fi
Sun Feb 23 21:44:49 EET 2003
Update of /home/cvs/dovecot/src/login-common
In directory danu:/tmp/cvs-serv7098/login-common
Modified Files:
common.h main.c ssl-proxy-gnutls.c ssl-proxy-openssl.c
ssl-proxy.h
Log Message:
Added setting verbose_ssl
Index: common.h
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/common.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- common.h 28 Jan 2003 21:35:26 -0000 1.1
+++ common.h 23 Feb 2003 19:44:47 -0000 1.2
@@ -5,6 +5,7 @@
#include "../auth/auth-login-interface.h"
extern int disable_plaintext_auth, process_per_connection, verbose_proctitle;
+extern int verbose_ssl;
extern unsigned int max_logging_users;
extern unsigned int login_process_uid;
Index: main.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/main.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- main.c 23 Feb 2003 10:45:46 -0000 1.5
+++ main.c 23 Feb 2003 19:44:47 -0000 1.6
@@ -16,6 +16,7 @@
#include <syslog.h>
int disable_plaintext_auth, process_per_connection, verbose_proctitle;
+int verbose_ssl;
unsigned int max_logging_users;
unsigned int login_process_uid;
@@ -119,7 +120,7 @@
if (process_per_connection)
main_close_listen();
- fd_ssl = ssl_proxy_new(fd);
+ fd_ssl = ssl_proxy_new(fd, &ip);
if (fd_ssl == -1)
net_disconnect(fd);
else
@@ -163,7 +164,8 @@
disable_plaintext_auth = getenv("DISABLE_PLAINTEXT_AUTH") != NULL;
process_per_connection = getenv("PROCESS_PER_CONNECTION") != NULL;
- verbose_proctitle = getenv("VERBOSE_PROCTITLE") != NULL;
+ verbose_proctitle = getenv("VERBOSE_PROCTITLE") != NULL;
+ verbose_ssl = getenv("VERBOSE_SSL") != NULL;
value = getenv("MAX_LOGGING_USERS");
max_logging_users = value == NULL ? 0 : strtoul(value, NULL, 10);
Index: ssl-proxy-gnutls.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-gnutls.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- ssl-proxy-gnutls.c 23 Feb 2003 10:53:21 -0000 1.3
+++ ssl-proxy-gnutls.c 23 Feb 2003 19:44:47 -0000 1.4
@@ -19,6 +19,8 @@
int refcount;
gnutls_session session;
+ struct ip_addr ip;
+
int fd_ssl, fd_plain;
struct io *io_ssl, *io_plain;
int io_ssl_dir;
@@ -60,20 +62,32 @@
static int handle_ssl_error(struct ssl_proxy *proxy, int error)
{
if (!gnutls_error_is_fatal(error)) {
+ if (!verbose_ssl)
+ return 0;
+
if (error == GNUTLS_E_WARNING_ALERT_RECEIVED) {
- i_warning("Received SSL warning alert: %s",
- get_alert_text(proxy));
+ i_warning("Received SSL warning alert: %s [%s]",
+ get_alert_text(proxy),
+ net_ip2host(&proxy->ip));
+ } else {
+ i_warning("Non-fatal SSL error: %s: %s",
+ get_alert_text(proxy),
+ net_ip2host(&proxy->ip));
}
return 0;
}
- /* fatal error occured */
- if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) {
- i_warning("Received SSL fatal alert: %s",
- get_alert_text(proxy));
- } else {
- i_warning("Error reading from SSL client: %s",
- gnutls_strerror(error));
+ if (verbose_ssl) {
+ /* fatal error occured */
+ if (error == GNUTLS_E_FATAL_ALERT_RECEIVED) {
+ i_warning("Received SSL fatal alert: %s [%s]",
+ get_alert_text(proxy),
+ net_ip2host(&proxy->ip));
+ } else {
+ i_warning("Error reading from SSL client: %s [%s]",
+ gnutls_strerror(error),
+ net_ip2host(&proxy->ip));
+ }
}
gnutls_alert_send_appropriate(proxy->session, error);
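Review bot: The new `else` branch for a non-fatal error that is not an alert logs `get_alert_text(proxy)`, but no alert was received on that path, so the text is whatever alert the session last recorded (get_alert_text is defined outside the hunk; presumably it reads the session's last alert). The error being handled is `error`, so the message should use `gnutls_strerror(error)` and the same `[%s]` bracket form as the other three messages: `i_warning("Non-fatal SSL error: %s [%s]", gnutls_strerror(error), net_ip2host(&proxy->ip));`. Moving the fatal-alert and read-error messages under `if (verbose_ssl)` also means a connection that dies with a fatal TLS error leaves no log line at all unless the setting is on; a single non-verbose line, or a comment in the hunk stating that the silence is intended, would help an operator reading logs. handle_ssl_error continues past the end of the hunk.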
@@ -290,7 +304,7 @@
return session;
}
-int ssl_proxy_new(int fd)
+int ssl_proxy_new(int fd, struct ip_addr *ip)
{
struct ssl_proxy *proxy;
gnutls_session session;
@@ -316,6 +330,7 @@
proxy->session = session;
proxy->fd_ssl = fd;
proxy->fd_plain = sfd[0];
+ proxy->ip = *ip;
proxy->refcount++;
ssl_handshake(proxy);
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- ssl-proxy-openssl.c 23 Feb 2003 13:13:09 -0000 1.7
+++ ssl-proxy-openssl.c 23 Feb 2003 19:44:47 -0000 1.8
@@ -24,6 +24,7 @@
int refcount;
SSL *ssl;
+ struct ip_addr ip;
enum ssl_state state;
int fd_ssl, fd_plain;
@@ -150,9 +151,12 @@
return buf;
}
-static void ssl_handle_error(struct ssl_proxy *proxy, int err, const char *func)
+static void ssl_handle_error(struct ssl_proxy *proxy, int ret, const char *func)
{
- err = SSL_get_error(proxy->ssl, err);
+ const char *errstr;
+ int err;
+
+ err = SSL_get_error(proxy->ssl, ret);
switch (err) {
case SSL_ERROR_WANT_READ:
@@ -163,7 +167,19 @@
break;
case SSL_ERROR_SYSCALL:
/* eat up the error queue */
- /*i_warning("%s failed: %s", func, ssl_last_error());*/
+ if (verbose_ssl) {
+ if (ERR_peek_error() != 0)
+ errstr = ssl_last_error();
+ else {
+ if (ret == 0)
+ errstr = "EOF";
+ else
+ errstr = strerror(errno);
+ }
+
+ i_warning("%s syscall failed: %s [%s]",
+ func, errstr, net_ip2host(&proxy->ip));
+ }
ssl_proxy_destroy(proxy);
break;
case SSL_ERROR_ZERO_RETURN:
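Review bot: When verbose_ssl is off, the SSL_ERROR_SYSCALL branch no longer touches the OpenSSL error queue even though the comment above it still says `/* eat up the error queue */`; if `ssl_last_error()` is what drains it (its body is outside the hunk), entries queued by this connection stay on the thread's queue and are later reported by the `ERR_peek_error() != 0` check or by the `default` case's `ssl_last_error()` for an unrelated connection. Adding `else ERR_clear_error();` after the verbose block (or draining unconditionally and only logging when verbose) keeps the queue state independent of the logging setting; the same applies to the SSL_ERROR_SSL branch in the next hunk. Separately, `strerror(errno)` is evaluated after `SSL_get_error()` and `ERR_peek_error()` have run and may no longer reflect the failed I/O call, so errno should be saved into a local at the top of ssl_handle_error, before those calls, and the saved value used here.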
@@ -171,12 +187,15 @@
ssl_proxy_destroy(proxy);
break;
case SSL_ERROR_SSL:
- /*i_warning("%s failed: %s", func, ssl_last_error());*/
+ if (verbose_ssl) {
+ i_warning("%s failed: %s [%s]", func, ssl_last_error(),
+ net_ip2host(&proxy->ip));
+ }
ssl_proxy_destroy(proxy);
break;
default:
- i_warning("%s failed: unknown failure %d (%s)",
- func, err, ssl_last_error());
+ i_warning("%s failed: unknown failure %d (%s) [%s]",
+ func, err, ssl_last_error(), net_ip2host(&proxy->ip));
ssl_proxy_destroy(proxy);
break;
}
@@ -272,7 +291,7 @@
proxy->io_ssl_dir = dir;
}
-int ssl_proxy_new(int fd)
+int ssl_proxy_new(int fd, struct ip_addr *ip)
{
struct ssl_proxy *proxy;
SSL *ssl;
@@ -307,6 +326,7 @@
proxy->ssl = ssl;
proxy->fd_ssl = fd;
proxy->fd_plain = sfd[0];
+ proxy->ip = *ip;
proxy->state = SSL_STATE_HANDSHAKE;
ssl_set_direction(proxy, IO_READ);
Index: ssl-proxy.h
===================================================================
RCS file: /home/cvs/dovecot/src/login-common/ssl-proxy.h,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- ssl-proxy.h 28 Jan 2003 21:35:26 -0000 1.1
+++ ssl-proxy.h 23 Feb 2003 19:44:47 -0000 1.2
@@ -1,12 +1,14 @@
#ifndef __SSL_PROXY_H
#define __SSL_PROXY_H
+struct ip_addr;
+
extern int ssl_initialized;
/* establish SSL connection with the given fd, returns a new fd which you
must use from now on, or -1 if error occured. Unless -1 is returned,
the given fd must be simply forgotten. */
-int ssl_proxy_new(int fd);
+int ssl_proxy_new(int fd, struct ip_addr *ip);
void ssl_proxy_init(void);
void ssl_proxy_deinit(void);
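Review bot: Both implementations only copy `*ip` into the proxy (`proxy->ip = *ip;` in the ssl-proxy-gnutls.c and ssl-proxy-openssl.c hunks) and never write through the pointer, so the parameter should be declared read-only: `int ssl_proxy_new(int fd, const struct ip_addr *ip);`, with the two definitions changed to match. The comment above the prototype should also state the contract the implementations impose, since both dereference `ip` unconditionally; e.g. append `ip is the client's address; it must not be NULL and is copied into the proxy, so the caller's struct need not outlive the call.`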