trafficserver-commits mailing list archives

From jpe...@apache.org
Subject git commit: TS-2615: handle errors in creating a SSL client session
Date Wed, 05 Mar 2014 05:02:53 GMT
Repository: trafficserver
Updated Branches:
  refs/heads/master a7a51ecc1 -> 705a1d800


TS-2615: handle errors in creating a SSL client session


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/705a1d80
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/705a1d80
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/705a1d80

Branch: refs/heads/master
Commit: 705a1d80002de0406e4da59892f36d05a11eb849
Parents: a7a51ec
Author: James Peach <jpeach@apache.org>
Authored: Fri Feb 28 15:25:38 2014 -0800
Committer: James Peach <jpeach@apache.org>
Committed: Tue Mar 4 21:01:29 2014 -0800

----------------------------------------------------------------------
 CHANGES                         |  2 ++
 iocore/net/SSLNetVConnection.cc | 31 +++++++++++++++++++++----------
 2 files changed, 23 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/705a1d80/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index 2b3627c..2f13215 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache Traffic Server 5.0.0
 
+  *) [TS-2615] Better logging and error handling in SSL client session startup.
+
   *) [TS-2613] Can't turn on attach server session to client from records.config
 
   *) [TS-2611] Add a new S3 authentication plugin, s3_auth. This only supports

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/705a1d80/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index dfcef4d..32b9a44 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -484,7 +484,9 @@ SSLNetVConnection::free(EThread * t) {
 int
 SSLNetVConnection::sslStartHandShake(int event, int &err)
 {
-  if (event == SSL_EVENT_SERVER) {
+
+  switch (event) {
+  case SSL_EVENT_SERVER:
     if (this->ssl == NULL) {
       SSLCertificateConfig::scoped_config lookup;
 
@@ -492,21 +494,30 @@ SSLNetVConnection::sslStartHandShake(int event, int &err)
       // to negotiate a SSL session, but it's enough to trampoline us into the SNI callback
where we
       // can select the right server certificate.
       this->ssl = make_ssl_connection(lookup->defaultContext(), this);
-      if (this->ssl == NULL) {
-        Debug("ssl", "SSLNetVConnection::sslServerHandShakeEvent, ssl create failed");
-        SSLErrorVC(this, "SSL_StartHandShake");
-        return EVENT_ERROR;
-      }
+    }
+
+    if (this->ssl == NULL) {
+      SSLErrorVC(this, "failed to create SSL server session");
+      return EVENT_ERROR;
     }
 
     return sslServerHandShakeEvent(err);
-  } else {
-    ink_assert(event == SSL_EVENT_CLIENT);
+
+  case SSL_EVENT_CLIENT:
     if (this->ssl == NULL) {
       this->ssl = make_ssl_connection(ssl_NetProcessor.client_ctx, this);
     }
-    ink_assert(event == SSL_EVENT_CLIENT);
-    return (sslClientHandShakeEvent(err));
+
+    if (this->ssl == NULL) {
+      SSLErrorVC(this, "failed to create SSL client session");
+      return EVENT_ERROR;
+    }
+
+    return sslClientHandShakeEvent(err);
+
+  default:
+    ink_assert(0);
+    return EVENT_ERROR;
   }
 
 }
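Review bot: The three new `return EVENT_ERROR;` paths in sslStartHandShake (server session NULL, client session NULL, and the `default:` case) leave the `int &err` out-parameter unassigned. The callers are outside this hunk, so it is not visible whether they read `err` after an EVENT_ERROR return; if they do, they would act on a stale or uninitialized value. Assigning a defined errno-style value before each return would close that gap, for example `err = ENOMEM;` on the two session-creation failures. The `default:` branch would also benefit from a comment such as `// unknown handshake event: fail closed even when ink_assert is compiled out`, since the assert is presumably a debug-only check and the return is the real guard.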

