完善sslstream错误打印信息。

2018-10-04 18:34:18 +08:00
parent 9827ef2d88
commit 443404ce89
2 changed files with 32 additions and 15 deletions
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -282,6 +282,11 @@ static int sslver_str2num(const char * version_str)
 	{
 		sslversion = TLS1_2_VERSION;
 	}
+	else if (!strcmp(version_str, "tls13"))
+	{
+		sslversion = TLS1_3_VERSION;
+	}
+
 	else
 	{
 		sslversion = -1;
@@ -362,7 +367,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 	MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
 	MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
 	MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
-	MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1);
+	MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0);
 	MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
 	MESA_load_profile_string_def(ini_profile, section, "default_ciphers", mgr->default_ciphers, 
@@ -371,7 +376,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 	

 	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
-	MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->sess_expire_seconds), 30 * 60);
+	MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60);

 	mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
 	mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
@@ -392,7 +397,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
 	ret = X509_STORE_set_default_paths(mgr->trust_CA_store);
 	if (ret == 0)
 	{
-		TFE_LOG_ERROR(logger, "Failed at setting default paths for X509_STORE");
+		TFE_LOG_ERROR(logger, "Failed at setting default paths for X509_STORE.");
 		goto error_out;
 	}

@@ -682,7 +687,10 @@ struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * re
 void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void* logger)
 {
 	unsigned long sslerr=0;
-	const char* dir_str=(dir==CONN_DIR_DOWNSTREAM?"downstream":"upstream");
+	int fd=bufferevent_getfd(bev);
+	struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, dir);
+	char* addr_string=tfe_stream_addr_to_str(addr);
+
 	/* Can happen for socket errs, ssl errs;
 	 * may happen for unclean ssl socket shutdowns. */
 	sslerr = bufferevent_get_openssl_error(bev);
@@ -699,9 +707,10 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
 	{
 		/* these can happen due to client cert auth,
 		 * only log error if debugging is activated */
-		TFE_LOG_ERROR(logger,"Handshake Error from %s bufferevent: "
-					   "%i:%s %lu:%i:%s:%i:%s:%i:%s\n",
-			dir_str,
+		TFE_LOG_ERROR(logger,"Handshake Error from bufferevent of ssl %s %s: "
+					   "%i:%s %lu:%i:%s:%i:%s:%i:%s",
+			tfe_stream_conn_dir_to_str(dir),
+			addr_string,
 			errno,
 			errno ? strerror(errno) : "-",
 			sslerr,
@@ -717,7 +726,7 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
 		while ((sslerr = bufferevent_get_openssl_error(bev)))
 		{
 			TFE_LOG_ERROR(logger,"Additional SSL error: "
-						   "%lu:%i:%s:%i:%s:%i:%s\n",
+						   "%lu:%i:%s:%i:%s:%i:%s",
 				sslerr,
 				ERR_GET_REASON(sslerr),
 				ERR_reason_error_string(sslerr),
@@ -730,9 +739,10 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
 	else
 	{
 		/* real errors */
-		TFE_LOG_ERROR(logger,"Error from %s bufferevent: "
-					   "%i:%s %lu:%i:%s:%i:%s:%i:%s\n",
-			dir_str,
+		TFE_LOG_ERROR(logger,"Error from bufferevent of ssl %s %s: "
+					   "%i:%s %lu:%i:%s:%i:%s:%i:%s",
+			tfe_stream_conn_dir_to_str(dir),
+			addr_string,
 			errno,
 			errno ? strerror(errno) : "-",
 			sslerr,
@@ -758,6 +768,8 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
 				ERR_func_error_string(sslerr));
 		}
 	}
+	tfe_stream_addr_free(addr);
+	free(addr_string);

 }

@@ -1233,7 +1245,7 @@ static void pxy_ssl_shutdown_cb(evutil_socket_t fd, short what, void * arg)
 	void * logger = ctx->s_stream->mgr->logger;
 	short want = 0;
 	int rv = 0, sslerr = 0;
-
+	char tmp[1024];
 	if (ctx->ev)
 	{
 		event_free(ctx->ev);
@@ -1281,8 +1293,10 @@ retry:
 	{
 		struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
 		char* addr_string=tfe_stream_addr_to_str(addr);
-		TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: %s "
-							  "Max retries reached. Closing fd %d.", addr_string, fd);
+		TFE_LOG_ERROR(logger, "Failed to shutdown %s SSL connection cleanly: %s "
+							  "Max retries reached. Closing fd %d.",
+							  tfe_stream_conn_dir_to_str(ctx->s_stream->dir),
+							  addr_string, fd);
 		tfe_stream_addr_free(addr);
 		free(addr_string);
 		goto complete;