dovecot-1.1: If TLS connection closes with anything except a cle...
dovecot at dovecot.org
dovecot at dovecot.org
Sat Mar 8 02:09:43 EET 2008
details: http://hg.dovecot.org/dovecot-1.1/rev/0bb3fc72a74f
changeset: 7374:0bb3fc72a74f
user: Timo Sirainen <tss at iki.fi>
date: Sat Mar 08 02:09:40 2008 +0200
description:
If TLS connection closes with anything except a clean disconnection, log the
reason in the normal disconnected line.
diffstat:
4 files changed, 49 insertions(+), 33 deletions(-)
src/login-common/client-common.c | 9 +++-
src/login-common/ssl-proxy-openssl.c | 67 ++++++++++++++++++----------------
src/login-common/ssl-proxy.c | 5 ++
src/login-common/ssl-proxy.h | 1
diffs (173 lines):
diff -r 4445415da4ff -r 0bb3fc72a74f src/login-common/client-common.c
--- a/src/login-common/client-common.c Fri Mar 07 14:25:06 2008 +0200
+++ b/src/login-common/client-common.c Sat Mar 08 02:09:40 2008 +0200
@@ -78,9 +78,12 @@ get_var_expand_table(struct client *clie
if (!client->tls) {
tab[11].value = client->secured ? "secured" : NULL;
} else {
- tab[11].value = client->proxy != NULL &&
- ssl_proxy_is_handshaked(client->proxy) ? "TLS" :
- "TLS handshaking";
+ const char *ssl_state = ssl_proxy_is_handshaked(client->proxy) ?
+ "TLS" : "TLS handshaking";
+ const char *ssl_error = ssl_proxy_get_last_error(client->proxy);
+
+ tab[11].value = ssl_error == NULL ? ssl_state :
+ t_strdup_printf("%s: %s", ssl_state, ssl_error);
}
return tab;
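Review bot: The rewritten else-branch calls `ssl_proxy_is_handshaked(client->proxy)` and `ssl_proxy_get_last_error(client->proxy)` without the `client->proxy != NULL` guard that the removed lines had, and `ssl_proxy_is_handshaked()` dereferences its argument (`return proxy->handshaked;` in the ssl-proxy-openssl.c section), so if `client->tls` can be set while `client->proxy` is still NULL — which the old guard suggests — this is a NULL dereference on the logging path. Keep the guard: `const char *ssl_state = client->proxy != NULL && ssl_proxy_is_handshaked(client->proxy) ? "TLS" : "TLS handshaking";` and `const char *ssl_error = client->proxy == NULL ? NULL : ssl_proxy_get_last_error(client->proxy);`. get_var_expand_table() starts before this hunk.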
diff -r 4445415da4ff -r 0bb3fc72a74f src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Fri Mar 07 14:25:06 2008 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Sat Mar 08 02:09:40 2008 +0200
@@ -49,6 +49,7 @@ struct ssl_proxy {
unsigned char sslout_buf[1024];
unsigned int sslout_size;
+ char *last_error;
unsigned int handshaked:1;
unsigned int destroyed:1;
unsigned int cert_received:1;
@@ -320,9 +321,12 @@ static void ssl_handle_error(struct ssl_
static void ssl_handle_error(struct ssl_proxy *proxy, int ret,
const char *func_name)
{
- const char *errstr;
+ const char *errstr = NULL;
int err;
+ proxy->refcount++;
+
+ i_free_and_null(proxy->last_error);
err = SSL_get_error(proxy->ssl, ret);
switch (err) {
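Review bot: The new `proxy->refcount++` at the top of ssl_handle_error() has no comment saying why a reference is taken, and the matching `ssl_proxy_unref(proxy)` is only found at the end of the function in the next hunk. Presumably ssl_proxy_destroy() can drop the caller's reference, and the extra hold keeps `proxy` valid for the `last_error` assignment and the final unref; if so, say it on the line: `/* ssl_proxy_destroy() may drop the last reference; hold one until last_error is recorded */`. The function continues into the next hunk.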
@@ -334,42 +338,37 @@ static void ssl_handle_error(struct ssl_
break;
case SSL_ERROR_SYSCALL:
/* eat up the error queue */
- if (verbose_ssl) {
- if (ERR_peek_error() != 0)
- errstr = ssl_last_error();
- else if (ret != 0)
- errstr = strerror(errno);
- else {
- /* EOF. don't bother logging this. */
- errstr = NULL;
- }
-
- if (errstr != NULL) {
- i_warning("%s syscall failed: %s [%s]",
- func_name, errstr,
- net_ip2addr(&proxy->ip));
- }
- }
- ssl_proxy_destroy(proxy);
+ if (ERR_peek_error() != 0)
+ errstr = ssl_last_error();
+ else if (ret != 0)
+ errstr = strerror(errno);
+ else {
+ /* EOF. */
+ errstr = "Disconnected";
+ break;
+ }
+ errstr = t_strdup_printf("%s syscall failed: %s",
+ func_name, errstr);
break;
case SSL_ERROR_ZERO_RETURN:
/* clean connection closing */
ssl_proxy_destroy(proxy);
break;
case SSL_ERROR_SSL:
- if (verbose_ssl) {
- i_warning("%s failed: %s [%s]", func_name,
- ssl_last_error(), net_ip2addr(&proxy->ip));
- }
+ errstr = t_strdup_printf("%s failed: %s",
+ func_name, ssl_last_error());
+ break;
+ default:
+ errstr = t_strdup_printf("%s failed: unknown failure %d (%s)",
+ func_name, err, ssl_last_error());
+ break;
+ }
+
+ if (errstr != NULL) {
+ proxy->last_error = i_strdup(errstr);
ssl_proxy_destroy(proxy);
- break;
- default:
- i_warning("%s failed: unknown failure %d (%s) [%s]",
- func_name, err, ssl_last_error(),
- net_ip2addr(&proxy->ip));
- ssl_proxy_destroy(proxy);
- break;
- }
+ }
+ ssl_proxy_unref(proxy);
}
static void ssl_handshake(struct ssl_proxy *proxy)
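Review bot: `proxy->last_error = i_strdup(errstr)` stores a heap string in the proxy, but nothing in this commit releases it when the proxy itself is torn down: ssl_proxy_free() appears only as untouched context after the last hunk of this file, and the only frees are the i_free_and_null() calls at the start of this function and on the three success paths. Unless ssl_proxy_free() already releases `last_error` somewhere outside the shown hunks, every connection that ends in a TLS error leaks its message, which for a login process is a slow per-connection leak. Add `i_free_and_null(proxy->last_error);` to the proxy teardown next to the other per-proxy buffers.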
@@ -380,6 +379,7 @@ static void ssl_handshake(struct ssl_pro
if (ret != 1)
ssl_handle_error(proxy, ret, "SSL_accept()");
else {
+ i_free_and_null(proxy->last_error);
proxy->handshaked = TRUE;
ssl_set_io(proxy, SSL_ADD_INPUT);
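Review bot: The `i_free_and_null(proxy->last_error)` added on the success path of ssl_handshake(), and likewise in the ssl_read() and ssl_write() hunks, looks redundant: ssl_handle_error() already clears `last_error` on entry and only sets it on the branches that also call ssl_proxy_destroy(), so a later successful call should not see a stale value. If the three clears are meant as a safety net, one comment at this first occurrence would say so, e.g. `/* success: drop any error recorded by a non-fatal earlier call */`; otherwise they could be dropped to keep the success paths free of error bookkeeping. ssl_handshake() begins before this hunk.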
@@ -401,6 +401,7 @@ static void ssl_read(struct ssl_proxy *p
ssl_handle_error(proxy, ret, "SSL_read()");
break;
} else {
+ i_free_and_null(proxy->last_error);
proxy->plainout_size += ret;
plain_write(proxy);
}
@@ -415,6 +416,7 @@ static void ssl_write(struct ssl_proxy *
if (ret <= 0)
ssl_handle_error(proxy, ret, "SSL_write()");
else {
+ i_free_and_null(proxy->last_error);
proxy->sslout_size -= ret;
memmove(proxy->sslout_buf, proxy->sslout_buf + ret,
proxy->sslout_size);
@@ -538,6 +540,11 @@ bool ssl_proxy_is_handshaked(struct ssl_
bool ssl_proxy_is_handshaked(struct ssl_proxy *proxy)
{
return proxy->handshaked;
+}
+
+const char *ssl_proxy_get_last_error(struct ssl_proxy *proxy)
+{
+ return proxy->last_error;
}
void ssl_proxy_free(struct ssl_proxy *proxy)
diff -r 4445415da4ff -r 0bb3fc72a74f src/login-common/ssl-proxy.c
--- a/src/login-common/ssl-proxy.c Fri Mar 07 14:25:06 2008 +0200
+++ b/src/login-common/ssl-proxy.c Sat Mar 08 02:09:40 2008 +0200
@@ -31,6 +31,11 @@ bool ssl_proxy_is_handshaked(struct ssl_
return FALSE;
}
+const char *ssl_proxy_get_last_error(struct ssl_proxy *proxy ATTR_UNUSED)
+{
+ return NULL;
+}
+
void ssl_proxy_free(struct ssl_proxy *proxy ATTR_UNUSED) {}
unsigned int ssl_proxy_get_count(void)
diff -r 4445415da4ff -r 0bb3fc72a74f src/login-common/ssl-proxy.h
--- a/src/login-common/ssl-proxy.h Fri Mar 07 14:25:06 2008 +0200
+++ b/src/login-common/ssl-proxy.h Sat Mar 08 02:09:40 2008 +0200
@@ -13,6 +13,7 @@ bool ssl_proxy_has_valid_client_cert(str
bool ssl_proxy_has_valid_client_cert(struct ssl_proxy *proxy);
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy);
bool ssl_proxy_is_handshaked(struct ssl_proxy *proxy);
+const char *ssl_proxy_get_last_error(struct ssl_proxy *proxy);
void ssl_proxy_free(struct ssl_proxy *proxy);
/* Return number of active SSL proxies */
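Review bot: The new `ssl_proxy_get_last_error()` declaration says nothing about the ownership or lifetime of the returned string, unlike the commented declaration that follows it. The OpenSSL implementation hands out the proxy's own `last_error` buffer, which the next SSL error or a successful handshake/read/write frees, so a caller such as get_var_expand_table() must not keep the pointer. Add above the declaration `/* Returns the last TLS error message, or NULL if none. The string is owned by the proxy and is freed by the next SSL operation. */`.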