Merge branch 'maint-0.4.4'

4 files changed, 20 insertions, 6 deletions

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index 3ebe18cd33..af823335a8 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -4205,6 +4205,7 @@ connection_handle_write_impl(connection_t *conn, int force)
     switch (result) {
       CASE_TOR_TLS_ERROR_ANY:
       case TOR_TLS_CLOSE:
+        or_conn->tls_error = result;
         log_info(LD_NET, result != TOR_TLS_CLOSE ?
                  "tls error. breaking.":"TLS connection closed on flush");
         /* Don't flush; connection is dead. */
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index 5d71b363f8..b88d1b6afb 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -745,10 +745,16 @@ connection_or_about_to_close(or_connection_t *or_conn)
         int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
         connection_or_event_status(or_conn, OR_CONN_EVENT_FAILED,
                                    reason);
-        if (!authdir_mode_tests_reachability(options))
-          control_event_bootstrap_prob_or(
-                orconn_end_reason_to_control_string(reason),
-                reason, or_conn);
+        if (!authdir_mode_tests_reachability(options)) {
+          const char *warning = NULL;
+          if (reason == END_OR_CONN_REASON_TLS_ERROR && or_conn->tls) {
+            warning = tor_tls_get_last_error_msg(or_conn->tls);
+          }
+          if (warning == NULL) {
+            warning = orconn_end_reason_to_control_string(reason);
+          }
+          control_event_bootstrap_prob_or(warning, reason, or_conn);
+        }
       }
     }
   } else if (conn->hold_open_until_flushed) {
@@ -1692,7 +1698,8 @@ connection_tls_continue_handshake(or_connection_t *conn)
 
   switch (result) {
     CASE_TOR_TLS_ERROR_ANY:
-    log_info(LD_OR,"tls error [%s]. breaking connection.",
+      conn->tls_error = result;
+      log_info(LD_OR,"tls error [%s]. breaking connection.",
              tor_tls_err_to_string(result));
       return -1;
     case TOR_TLS_DONE:
@@ -1724,6 +1731,7 @@ connection_tls_continue_handshake(or_connection_t *conn)
       log_debug(LD_OR,"wanted read");
       return 0;
     case TOR_TLS_CLOSE:
+      conn->tls_error = result;
       log_info(LD_OR,"tls closed. breaking connection.");
       return -1;
   }
diff --git a/src/core/or/or.h b/src/core/or/or.h
index 7e02da6648..d80c41371e 100644
--- a/src/core/or/or.h
+++ b/src/core/or/or.h
@@ -220,7 +220,8 @@ struct curve25519_public_key_t;
 #define END_OR_CONN_REASON_IO_ERROR       7 /* read/write error */
 #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
 #define END_OR_CONN_REASON_PT_MISSING     9 /* PT failed or not available */
-#define END_OR_CONN_REASON_MISC           10
+#define END_OR_CONN_REASON_TLS_ERROR      10 /* Problem in TLS protocol */
+#define END_OR_CONN_REASON_MISC           11
 
 /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
  * documentation of these.  The values must match. */
diff --git a/src/core/or/reasons.c b/src/core/or/reasons.c
index 7da7843cab..708f43a689 100644
--- a/src/core/or/reasons.c
+++ b/src/core/or/reasons.c
@@ -244,6 +244,8 @@ orconn_end_reason_to_control_string(int r)
       return "IOERROR";
     case END_OR_CONN_REASON_RESOURCE_LIMIT:
       return "RESOURCELIMIT";
+    case END_OR_CONN_REASON_TLS_ERROR:
+      return "TLS_ERROR";
     case END_OR_CONN_REASON_MISC:
       return "MISC";
     case END_OR_CONN_REASON_PT_MISSING:
@@ -276,6 +278,8 @@ tls_error_to_orconn_end_reason(int e)
     case TOR_TLS_CLOSE:
     case TOR_TLS_DONE:
       return END_OR_CONN_REASON_DONE;
+    case TOR_TLS_ERROR_MISC:
+      return END_OR_CONN_REASON_TLS_ERROR;
     default:
       return END_OR_CONN_REASON_MISC;
   }