SERVER-28469 Improve SSLManager error handling

author: Alya Berciu <alya.berciu@mongodb.com> 2019-06-04 10:53:02 -0400
committer: Alya Berciu <alya.berciu@mongodb.com> 2019-06-11 16:39:34 -0400
commit: 6fd8c8dc3d029c7e69db80bf0a209905e95c5f72 (patch)
tree: e2a5420b710db51e7658a234ee692dad39dbd50a /src/mongo/util
parent: c5e246473ee692cb5866827ac40f5dba006672dc (diff)
download: mongo-6fd8c8dc3d029c7e69db80bf0a209905e95c5f72.tar.gz
2 files changed, 12 insertions, 4 deletions
diff --git a/src/mongo/util/net/sock_test.cpp b/src/mongo/util/net/sock_test.cpp
index 77931df8b94..14cc5721e29 100644
--- a/src/mongo/util/net/sock_test.cpp
+++ b/src/mongo/util/net/sock_test.cpp
@@ -269,7 +269,9 @@ TEST_F(SocketFailPointTest, TestSend) {
     ASSERT_TRUE(tryRecv());
     {
         const ScopedFailPointEnabler enabled(*_failPoint);
-        ASSERT_THROWS(trySend(), NetworkException);
+        auto expectedEx =
+            makeSocketError(SocketErrorKind::SEND_ERROR, _sockets.first->remoteString());
+        ASSERT_THROWS_WHAT(trySend(), NetworkException, expectedEx.reason());
     }
     // Channel should be working again
     ASSERT_TRUE(trySend());
@@ -293,7 +295,9 @@ TEST_F(SocketFailPointTest, TestRecv) {
     {
         ASSERT_TRUE(trySend());  // data for recv
         const ScopedFailPointEnabler enabled(*_failPoint);
-        ASSERT_THROWS(tryRecv(), NetworkException);
+        auto expectedEx =
+            makeSocketError(SocketErrorKind::RECV_ERROR, _sockets.first->remoteString());
+        ASSERT_THROWS_WHAT(tryRecv(), NetworkException, expectedEx.reason());
     }
     ASSERT_TRUE(trySend());  // data for recv
     ASSERT_TRUE(tryRecv());
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index ae59c671058..59695f00504 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -1705,6 +1705,7 @@ std::string SSLManagerInterface::getSSLErrorMessage(int code) {
 void SSLManagerOpenSSL::_handleSSLError(SSLConnectionOpenSSL* conn, int ret) {
     int code = SSL_get_error(conn->ssl, ret);
     int err = ERR_get_error();
+    SocketErrorKind errToThrow = SocketErrorKind::CONNECT_ERROR;
 
     switch (code) {
         case SSL_ERROR_WANT_READ:
@@ -1713,12 +1714,15 @@ void SSLManagerOpenSSL::_handleSSLError(SSLConnectionOpenSSL* conn, int ret) {
             // However, it turns out this CAN happen during a connect, if the other side
             // accepts the socket connection but fails to do the SSL handshake in a timely
             // manner.
+            errToThrow = (code == SSL_ERROR_WANT_READ) ? SocketErrorKind::RECV_ERROR
+                                                       : SocketErrorKind::SEND_ERROR;
             error() << "SSL: " << code << ", possibly timed out during connect";
             break;
 
         case SSL_ERROR_ZERO_RETURN:
             // TODO: Check if we can avoid throwing an exception for this condition
-            LOG(3) << "SSL network connection closed";
+            // If so, change error() back to LOG(3)
+            error() << "SSL network connection closed";
             break;
         case SSL_ERROR_SYSCALL:
             // If ERR_get_error returned 0, the error queue is empty
@@ -1741,6 +1745,6 @@ void SSLManagerOpenSSL::_handleSSLError(SSLConnectionOpenSSL* conn, int ret) {
             break;
     }
     _flushNetworkBIO(conn);
-    throwSocketError(SocketErrorKind::CONNECT_ERROR, "");
+    throwSocketError(errToThrow, conn->socket->remoteString());
 }
 }  // namespace mongo
author	Alya Berciu <alya.berciu@mongodb.com>	2019-06-04 10:53:02 -0400
committer	Alya Berciu <alya.berciu@mongodb.com>	2019-06-11 16:39:34 -0400
commit	6fd8c8dc3d029c7e69db80bf0a209905e95c5f72 (patch)
tree	e2a5420b710db51e7658a234ee692dad39dbd50a /src/mongo/util
parent	c5e246473ee692cb5866827ac40f5dba006672dc (diff)
download	mongo-6fd8c8dc3d029c7e69db80bf0a209905e95c5f72.tar.gz