authorNick Mathewson <nickm@torproject.org>2008-02-21 16:11:58 +0000
committerNick Mathewson <nickm@torproject.org>2008-02-21 16:11:58 +0000
commite2f25558b9ec2ed70a92026870a46b5b68799ebf (patch)
tree3d45bcced8c42a9fcaa8c1022fc77bfa3b7c0a6c
parente18ee2a2abc9ee5dca56e1744babfb7d5733d32d (diff)
r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
Change some of our log messages related to closed TLS connections in order to better reflect reality. svn:r13657
-rw-r--r--ChangeLog4
-rw-r--r--src/common/tortls.c9
-rw-r--r--src/common/tortls.h14
-rw-r--r--src/or/connection.c6
4 files changed, 20 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index c394661c28..25bba49dc8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,10 @@ Changes in version 0.2.0.20-?? - 2008-02-??
- Alter the code that tries to recover from unhandled write
errors, to not try to flush onto a socket that's given us
unhandled errors. Bugfix on 0.1.2.x.
+ - Report TLS "zero return" case as a "clean close" and "IO error"
+ as a "close". Stop calling closes "unexpected closes": existing
+ Tors don't use SSL_close(), so having a connection close without
+ the TLS shutdown handshake is hardly unexpected.
o Code simplifications and refactoring:
- Remove the tor_strpartition function: its logic was confused,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index fb9b26a82a..2918ab288e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -282,12 +282,9 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
case SSL_ERROR_ZERO_RETURN:
if (extra&CATCH_ZERO)
return _TOR_TLS_ZERORETURN;
- log(severity, LD_NET, "TLS error: Zero return");
+ log(severity, LD_NET, "TLS connection closed while %s", doing);
tls_log_errors(tls, severity, doing);
- /* XXXX020rc Actually, a 'zero return' error has a pretty specific
- * meaning: the connection has been closed cleanly. -NM
- * Great. Do something smart here then. :) -RD */
- return TOR_TLS_ERROR_MISC;
+ return TOR_TLS_CLOSE;
default:
tls_log_errors(tls, severity, doing);
return TOR_TLS_ERROR_MISC;
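Review bot: Returning TOR_TLS_CLOSE from the SSL_ERROR_ZERO_RETURN branch changes the classification of a peer-initiated close for every caller of tor_tls_get_error, not just tor_tls_read: the header in this same commit defines TOR_TLS_IS_ERROR as `(rv) < TOR_TLS_CLOSE`, so a close is no longer an error value and is no longer matched by CASE_TOR_TLS_ERROR_ANY. tor_tls_read handles that in the next hunk, but tor_tls_get_error is presumably also reached from the write and handshake paths (not visible here), and any such caller that only tests for error values would now treat a close as success and could leave the connection open. Those callers deserve an audit, and the new contract should be stated where the value is produced: `/* A clean TLS close (SSL_ERROR_ZERO_RETURN) yields TOR_TLS_CLOSE, which is not an error value; callers must test for it explicitly. */`. The enclosing function starts before this hunk.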
@@ -858,7 +855,7 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
return r;
}
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG);
- if (err == _TOR_TLS_ZERORETURN) {
+ if (err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE) {
log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_CLOSE;
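Review bot: The added `err == TOR_TLS_CLOSE` half of the condition cannot be produced by the zero-return branch as patched, because CATCH_ZERO is passed on the line above and that branch returns _TOR_TLS_ZERORETURN before it reaches `return TOR_TLS_CLOSE`; unless tor_tls_get_error yields TOR_TLS_CLOSE from some path not shown, the two tests are equivalent here. If the extra test is meant as a guard for a future caller that drops CATCH_ZERO, a comment would stop the next reader from removing it: `/* TOR_TLS_CLOSE only comes back if CATCH_ZERO is dropped; treat it like zero-return. */`. tor_tls_read continues outside the hunk.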
diff --git a/src/common/tortls.h b/src/common/tortls.h
index a93dcefaa4..52c8350fec 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -22,7 +22,7 @@ typedef struct tor_tls_t tor_tls_t;
/* Possible return values for most tor_tls_* functions. */
#define _MIN_TOR_TLS_ERROR_VAL -9
#define TOR_TLS_ERROR_MISC -9
-/* Rename to unexpected close or something. XXXX */
+/* Rename to unexpected close or something. XXXX021 */
#define TOR_TLS_ERROR_IO -8
#define TOR_TLS_ERROR_CONNREFUSED -7
#define TOR_TLS_ERROR_CONNRESET -6
@@ -33,16 +33,20 @@ typedef struct tor_tls_t tor_tls_t;
#define TOR_TLS_WANTWRITE -1
#define TOR_TLS_DONE 0
-/** Use this macro in a switch statement to catch _any_ TLS error. That way,
- * if more errors are added, your switches will still work. */
-#define CASE_TOR_TLS_ERROR_ANY \
+/** DOCDOC XXXX021 also rename me. */
+#define CASE_TOR_TLS_ERROR_ANY_NONIO \
case TOR_TLS_ERROR_MISC: \
- case TOR_TLS_ERROR_IO: \
case TOR_TLS_ERROR_CONNREFUSED: \
case TOR_TLS_ERROR_CONNRESET: \
case TOR_TLS_ERROR_NO_ROUTE: \
case TOR_TLS_ERROR_TIMEOUT
+/** Use this macro in a switch statement to catch _any_ TLS error. That way,
+ * if more errors are added, your switches will still work. */
+#define CASE_TOR_TLS_ERROR_ANY \
+ CASE_TOR_TLS_ERROR_ANY_NONIO: \
+ case TOR_TLS_ERROR_IO
+
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
const char *tor_tls_err_to_string(int err);
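Review bot: CASE_TOR_TLS_ERROR_ANY_NONIO is introduced with only a DOCDOC placeholder, yet it has a non-obvious trap: TOR_TLS_IS_ERROR on the line below still counts TOR_TLS_ERROR_IO as an error, so a switch converted from CASE_TOR_TLS_ERROR_ANY to the NONIO form without its own `case TOR_TLS_ERROR_IO:` silently routes IO errors to `default`. The connection.c hunk in this commit does add that case, but the macro's comment is where the requirement belongs. Suggest replacing the placeholder with `/** Like CASE_TOR_TLS_ERROR_ANY, but omits TOR_TLS_ERROR_IO so a caller can handle it next to TOR_TLS_CLOSE; such a caller must add its own case for TOR_TLS_ERROR_IO. */`.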
diff --git a/src/or/connection.c b/src/or/connection.c
index 2c3cbab134..891c81a0e7 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -1945,12 +1945,14 @@ connection_read_to_buf(connection_t *conn, int *max_to_read)
switch (result) {
case TOR_TLS_CLOSE:
- log_info(LD_NET,"TLS connection closed on read. Closing. "
+ case TOR_TLS_ERROR_IO:
+ log_info(LD_NET,"TLS connection closed %son read. Closing. "
"(Nickname %s, address %s",
+ result == TOR_TLS_CLOSE ? "cleanly " : "",
or_conn->nickname ? or_conn->nickname : "not set",
conn->address);
return result;
- CASE_TOR_TLS_ERROR_ANY:
+ CASE_TOR_TLS_ERROR_ANY_NONIO:
log_info(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
tor_tls_err_to_string(result),
or_conn->nickname ? or_conn->nickname : "not set",