Changeset 4376 for pjproject/branches/1.x/pjlib/src/pj/ssl_sock_ossl.c
- Timestamp:
- Feb 27, 2013 9:41:37 AM (12 years ago)
- Location:
- pjproject/branches/1.x
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/branches/1.x
- Property svn:mergeinfo changed
/pjproject/trunk merged: 4146
- Property svn:mergeinfo changed
-
pjproject/branches/1.x/pjlib/src/pj/ssl_sock_ossl.c
r3942 r4376 159 159 pj_status_t verify_status; 160 160 161 unsigned long last_err; 162 161 163 pj_sock_t sock; 162 164 pj_activesock_t *asock; … … 213 215 #define PJ_SSL_ERRNO_SPACE_SIZE PJ_ERRNO_SPACE_SIZE 214 216 215 #define STATUS_FROM_SSL_ERR(err, status) { \ 216 status = ERR_GET_LIB(err)*300 + ERR_GET_REASON(err);\ 217 pj_assert(status < PJ_SSL_ERRNO_SPACE_SIZE);\ 218 if (status) status += PJ_SSL_ERRNO_START;\ 219 } 220 221 #define GET_SSL_STATUS(status) { \ 222 unsigned long e = ERR_get_error();\ 223 STATUS_FROM_SSL_ERR(e, status);\ 224 } 217 /* Expected maximum value of reason component in OpenSSL error code */ 218 #define MAX_OSSL_ERR_REASON 1200 219 220 static pj_status_t STATUS_FROM_SSL_ERR(pj_ssl_sock_t *ssock, 221 unsigned long err) 222 { 223 pj_status_t status; 224 225 /* General SSL error, dig more from OpenSSL error queue */ 226 if (err == SSL_ERROR_SSL) 227 err = ERR_get_error(); 228 229 /* OpenSSL error range is much wider than PJLIB errno space, so 230 * if it exceeds the space, only the error reason will be kept. 231 * Note that the last native error will be kept as is and can be 232 * retrieved via SSL socket info. 233 */ 234 status = ERR_GET_LIB(err)*MAX_OSSL_ERR_REASON + ERR_GET_REASON(err); 235 if (status > PJ_SSL_ERRNO_SPACE_SIZE) 236 status = ERR_GET_REASON(err); 237 238 status += PJ_SSL_ERRNO_START; 239 ssock->last_err = err; 240 return status; 241 } 242 243 static pj_status_t GET_SSL_STATUS(pj_ssl_sock_t *ssock) 244 { 245 return STATUS_FROM_SSL_ERR(ssock, ERR_get_error()); 246 } 247 225 248 226 249 /* … … 236 259 unsigned long l, r; 237 260 ssl_err -= PJ_SSL_ERRNO_START; 238 l = ssl_err /300;239 r = ssl_err %300;261 l = ssl_err / MAX_OSSL_ERR_REASON; 262 r = ssl_err % MAX_OSSL_ERR_REASON; 240 263 ssl_err = ERR_PACK(l, 0, r); 241 264 } … … 245 268 { 246 269 const char *tmp = NULL; 247 248 if (ssl_err >= 300) 249 tmp = ERR_reason_error_string(ssl_err); 250 else 251 tmp = X509_verify_cert_error_string(ssl_err); 252 270 tmp = ERR_reason_error_string(ssl_err); 253 271 if (tmp) { 254 272 pj_ansi_strncpy(buf, tmp, bufsize); … … 518 536 ctx = SSL_CTX_new(ssl_method); 519 537 if (ctx == NULL) { 520 GET_SSL_STATUS(status); 521 return status; 538 return GET_SSL_STATUS(ssock); 522 539 } 523 540 … … 530 547 531 548 if (rc != 1) { 532 GET_SSL_STATUS(status);549 status = GET_SSL_STATUS(ssock); 533 550 PJ_LOG(1,(ssock->pool->obj_name, "Error loading CA list file " 534 551 "'%s'", cert->CA_file.ptr)); … … 552 569 553 570 if(rc != 1) { 554 GET_SSL_STATUS(status);571 status = GET_SSL_STATUS(ssock); 555 572 PJ_LOG(1,(ssock->pool->obj_name, "Error loading certificate " 556 573 "chain file '%s'", cert->cert_file.ptr)); … … 568 585 569 586 if(rc != 1) { 570 GET_SSL_STATUS(status);587 status = GET_SSL_STATUS(ssock); 571 588 PJ_LOG(1,(ssock->pool->obj_name, "Error adding private key " 572 589 "from '%s'", cert->privkey_file.ptr)); … … 581 598 ssock->ossl_ssl = SSL_new(ssock->ossl_ctx); 582 599 if (ssock->ossl_ssl == NULL) { 583 GET_SSL_STATUS(status); 584 return status; 600 return GET_SSL_STATUS(ssock); 585 601 } 586 602 … … 714 730 ret = SSL_set_cipher_list(ssock->ossl_ssl, buf); 715 731 if (ret < 1) { 716 pj_status_t status; 717 GET_SSL_STATUS(status); 718 return status; 732 return GET_SSL_STATUS(ssock); 719 733 } 720 734 … … 1021 1035 */ 1022 1036 if (status != PJ_SUCCESS) { 1037 /* Server disconnected us, possibly due to SSL nego failure */ 1038 if (status == PJ_EEOF) { 1039 unsigned long err; 1040 err = ERR_get_error(); 1041 if (err != SSL_ERROR_NONE) 1042 status = STATUS_FROM_SSL_ERR(ssock, err); 1043 } 1023 1044 reset_ssl_sock_state(ssock); 1024 1045 } … … 1197 1218 /* Perform SSL handshake */ 1198 1219 err = SSL_do_handshake(ssock->ossl_ssl); 1199 if (err < 0) {1200 err = SSL_get_error(ssock->ossl_ssl, err);1201 if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ)1202 {1203 /* Handshake fails */1204 GET_SSL_STATUS(status);1205 pj_lock_release(ssock->write_mutex);1206 return status;1207 }1208 }1209 1220 1210 1221 /* SSL_do_handshake() may put some pending data into SSL write BIO, … … 1219 1230 pj_lock_release(ssock->write_mutex); 1220 1231 1232 if (err < 0) { 1233 err = SSL_get_error(ssock->ossl_ssl, err); 1234 if (err != SSL_ERROR_NONE && err != SSL_ERROR_WANT_READ) 1235 { 1236 /* Handshake fails */ 1237 status = STATUS_FROM_SSL_ERR(ssock, err); 1238 return status; 1239 } 1240 } 1241 1221 1242 /* Check if handshake has been completed */ 1222 1243 if (SSL_is_init_finished(ssock->ossl_ssl)) { … … 1250 1271 nwritten = BIO_write(ssock->ossl_rbio, data, size); 1251 1272 if (nwritten < size) { 1252 GET_SSL_STATUS(status);1273 status = GET_SSL_STATUS(ssock); 1253 1274 goto on_error; 1254 1275 } … … 1324 1345 { 1325 1346 /* Reset SSL socket state, then return PJ_FALSE */ 1326 GET_SSL_STATUS(status);1347 status = STATUS_FROM_SSL_ERR(ssock, err); 1327 1348 reset_ssl_sock_state(ssock); 1328 1349 goto on_error; … … 1905 1926 info->verify_status = ssock->verify_status; 1906 1927 } 1928 1929 /* Last known OpenSSL error code */ 1930 info->last_native_err = ssock->last_err; 1907 1931 1908 1932 return PJ_SUCCESS; … … 2052 2076 } else { 2053 2077 /* Some problem occured */ 2054 GET_SSL_STATUS(status);2078 status = STATUS_FROM_SSL_ERR(ssock, err); 2055 2079 } 2056 2080 } else { … … 2379 2403 ret = SSL_renegotiate(ssock->ossl_ssl); 2380 2404 if (ret <= 0) { 2381 GET_SSL_STATUS(status);2405 status = GET_SSL_STATUS(ssock); 2382 2406 } else { 2383 2407 status = do_handshake(ssock);
Note: See TracChangeset
for help on using the changeset viewer.