完善sslstream错误打印信息。

This commit is contained in:
zhengchao
2018-10-04 18:34:18 +08:00
parent 9827ef2d88
commit 443404ce89
2 changed files with 32 additions and 15 deletions


@@ -149,7 +149,10 @@ struct tfe_stream_addr
unsigned char paddr[0]; unsigned char paddr[0];
}; };
}; };
static inline const char* tfe_stream_conn_dir_to_str(enum tfe_conn_dir dir)
{
return (dir==CONN_DIR_DOWNSTREAM)?"downstream":"upstream";
}
static inline char * tfe_stream_addr_to_str(const struct tfe_stream_addr * addr) static inline char * tfe_stream_addr_to_str(const struct tfe_stream_addr * addr)
{ {
char * __str_ret = NULL; char * __str_ret = NULL;
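Review bot: tfe_stream_conn_dir_to_str() maps every value other than CONN_DIR_DOWNSTREAM to "upstream", so an uninitialised or corrupted enum tfe_conn_dir is logged as a plausible-looking upstream error instead of standing out; since the enum visibly has CONN_DIR_UPSTREAM as well (it is passed to ssl_sess_cache_create in the other file), an explicit switch is safer for a diagnostic helper: `switch (dir) { case CONN_DIR_DOWNSTREAM: return "downstream"; case CONN_DIR_UPSTREAM: return "upstream"; default: return "unknown"; }`. A one-line header comment stating that the result is a static string the caller must not free would also help, given that the sibling tfe_stream_addr_to_str returns a heap string. The struct definition preceding the helper starts outside this hunk.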


@@ -282,6 +282,11 @@ static int sslver_str2num(const char * version_str)
{ {
sslversion = TLS1_2_VERSION; sslversion = TLS1_2_VERSION;
} }
else if (!strcmp(version_str, "tls13"))
{
sslversion = TLS1_3_VERSION;
}
else else
{ {
sslversion = -1; sslversion = -1;
@@ -362,7 +367,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1); MESA_load_profile_uint_def(ini_profile, section, "ssl_compression", &(mgr->sslcomp), 1);
MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1); MESA_load_profile_uint_def(ini_profile, section, "no_ssl2", &(mgr->no_ssl2), 1);
MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1); MESA_load_profile_uint_def(ini_profile, section, "no_ssl3", &(mgr->no_ssl3), 1);
MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 1); MESA_load_profile_uint_def(ini_profile, section, "no_tls10", &(mgr->no_tls10), 0);
MESA_load_profile_uint_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0); MESA_load_profile_uint_def(ini_profile, section, "no_tls11", &(mgr->no_tls11), 0);
MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0); MESA_load_profile_uint_def(ini_profile, section, "no_tls12", &(mgr->no_tls12), 0);
MESA_load_profile_string_def(ini_profile, section, "default_ciphers", mgr->default_ciphers, MESA_load_profile_string_def(ini_profile, section, "default_ciphers", mgr->default_ciphers,
@@ -371,7 +376,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024); MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->cache_slots), 4 * 1024 * 1024);
MESA_load_profile_uint_def(ini_profile, section, "session_cache_slots", &(mgr->sess_expire_seconds), 30 * 60); MESA_load_profile_uint_def(ini_profile, section, "session_cache_expire_seconds", &(mgr->sess_expire_seconds), 30 * 60);
mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM); mgr->up_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_UPSTREAM);
mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM); mgr->down_sess_cache = ssl_sess_cache_create(mgr->cache_slots, mgr->sess_expire_seconds, CONN_DIR_DOWNSTREAM);
@@ -392,7 +397,7 @@ struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section
ret = X509_STORE_set_default_paths(mgr->trust_CA_store); ret = X509_STORE_set_default_paths(mgr->trust_CA_store);
if (ret == 0) if (ret == 0)
{ {
TFE_LOG_ERROR(logger, "Failed at setting default paths for X509_STORE"); TFE_LOG_ERROR(logger, "Failed at setting default paths for X509_STORE.");
goto error_out; goto error_out;
} }
@@ -682,7 +687,10 @@ struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * re
void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void* logger) void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void* logger)
{ {
unsigned long sslerr=0; unsigned long sslerr=0;
const char* dir_str=(dir==CONN_DIR_DOWNSTREAM?"downstream":"upstream"); int fd=bufferevent_getfd(bev);
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, dir);
char* addr_string=tfe_stream_addr_to_str(addr);
/* Can happen for socket errs, ssl errs; /* Can happen for socket errs, ssl errs;
* may happen for unclean ssl socket shutdowns. */ * may happen for unclean ssl socket shutdowns. */
sslerr = bufferevent_get_openssl_error(bev); sslerr = bufferevent_get_openssl_error(bev);
@@ -699,9 +707,10 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
{ {
/* these can happen due to client cert auth, /* these can happen due to client cert auth,
* only log error if debugging is activated */ * only log error if debugging is activated */
TFE_LOG_ERROR(logger,"Handshake Error from %s bufferevent: " TFE_LOG_ERROR(logger,"Handshake Error from bufferevent of ssl %s %s: "
"%i:%s %lu:%i:%s:%i:%s:%i:%s\n", "%i:%s %lu:%i:%s:%i:%s:%i:%s",
dir_str, tfe_stream_conn_dir_to_str(dir),
addr_string,
errno, errno,
errno ? strerror(errno) : "-", errno ? strerror(errno) : "-",
sslerr, sslerr,
@@ -717,7 +726,7 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
while ((sslerr = bufferevent_get_openssl_error(bev))) while ((sslerr = bufferevent_get_openssl_error(bev)))
{ {
TFE_LOG_ERROR(logger,"Additional SSL error: " TFE_LOG_ERROR(logger,"Additional SSL error: "
"%lu:%i:%s:%i:%s:%i:%s\n", "%lu:%i:%s:%i:%s:%i:%s",
sslerr, sslerr,
ERR_GET_REASON(sslerr), ERR_GET_REASON(sslerr),
ERR_reason_error_string(sslerr), ERR_reason_error_string(sslerr),
@@ -730,9 +739,10 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
else else
{ {
/* real errors */ /* real errors */
TFE_LOG_ERROR(logger,"Error from %s bufferevent: " TFE_LOG_ERROR(logger,"Error from bufferevent of ssl %s %s: "
"%i:%s %lu:%i:%s:%i:%s:%i:%s\n", "%i:%s %lu:%i:%s:%i:%s:%i:%s",
dir_str, tfe_stream_conn_dir_to_str(dir),
addr_string,
errno, errno,
errno ? strerror(errno) : "-", errno ? strerror(errno) : "-",
sslerr, sslerr,
@@ -758,6 +768,8 @@ void ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, void*
ERR_func_error_string(sslerr)); ERR_func_error_string(sslerr));
} }
} }
tfe_stream_addr_free(addr);
free(addr_string);
} }
@@ -1233,7 +1245,7 @@ static void pxy_ssl_shutdown_cb(evutil_socket_t fd, short what, void * arg)
void * logger = ctx->s_stream->mgr->logger; void * logger = ctx->s_stream->mgr->logger;
short want = 0; short want = 0;
int rv = 0, sslerr = 0; int rv = 0, sslerr = 0;
char tmp[1024];
if (ctx->ev) if (ctx->ev)
{ {
event_free(ctx->ev); event_free(ctx->ev);
@@ -1281,8 +1293,10 @@ retry:
{ {
struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir); struct tfe_stream_addr* addr=tfe_stream_addr_create_by_fd(fd, ctx->s_stream->dir);
char* addr_string=tfe_stream_addr_to_str(addr); char* addr_string=tfe_stream_addr_to_str(addr);
TFE_LOG_ERROR(logger, "Failed to shutdown SSL connection cleanly: %s " TFE_LOG_ERROR(logger, "Failed to shutdown %s SSL connection cleanly: %s "
"Max retries reached. Closing fd %d.", addr_string, fd); "Max retries reached. Closing fd %d.",
tfe_stream_conn_dir_to_str(ctx->s_stream->dir),
addr_string, fd);
tfe_stream_addr_free(addr); tfe_stream_addr_free(addr);
free(addr_string); free(addr_string);
goto complete; goto complete;
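Review bot: In ssl_stream_log_error() the new prologue calls bufferevent_getfd(), tfe_stream_addr_create_by_fd() and tfe_stream_addr_to_str() before the two TFE_LOG_ERROR calls read errno, so whatever those helpers do (socket-name lookups, allocation) can overwrite the errno the message is meant to report; the old code computed dir_str without touching errno. Save it on entry, `int saved_errno = errno;`, before bufferevent_getfd(), and pass `saved_errno` and `saved_errno ? strerror(saved_errno) : "-"` in both log calls instead of reading errno live. Also, addr_string is passed straight to `%s`; if tfe_stream_addr_to_str() can return NULL (its body is outside this page but it starts from `__str_ret = NULL`, and bufferevent_getfd() can yield -1), that is undefined behaviour in the format call, so guard it with `addr_string ? addr_string : "-"`. Separately, the hunk around ssl_manager_init flips the `no_tls10` default from 1 to 0, which enables TLS 1.0 by default on every deployment that does not set the key explicitly; that is a security-relevant change the commit message ("improve sslstream error printing") does not mention and it deserves its own commit or at least a note. The ssl_stream_log_error body spans several hunks and its remaining branches are outside this view.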