author | Gordon Sim <gsim@apache.org> | 2010-04-28 15:27:36 +0000 |
---|---|---|
committer | Gordon Sim <gsim@apache.org> | 2010-04-28 15:27:36 +0000 |
commit | 7bbfd9565918d0fa2d537d4fca68aab371f3f9cf (patch) | |
tree | 68561e0e1b3e84806e90573460e61d3ea8b3494c /cpp/src | |
parent | 00c88b4252f083441c3a95a7ec6da0f1bc5b2d36 (diff) | |
QPID-2083: Some improvements to error handling for NSS based SSL implementation.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@938992 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp/src')
-rw-r--r-- | cpp/src/qpid/sys/ssl/SslIo.cpp | 7 | ||||
-rw-r--r-- | cpp/src/qpid/sys/ssl/SslSocket.cpp | 1 | ||||
-rw-r--r-- | cpp/src/qpid/sys/ssl/check.cpp | 31 | ||||
-rw-r--r-- | cpp/src/qpid/sys/ssl/check.h | 2 |
4 files changed, 31 insertions, 10 deletions
diff --git a/cpp/src/qpid/sys/ssl/SslIo.cpp b/cpp/src/qpid/sys/ssl/SslIo.cpp
index a57123c182..a58a137473 100644
--- a/cpp/src/qpid/sys/ssl/SslIo.cpp
+++ b/cpp/src/qpid/sys/ssl/SslIo.cpp
@@ -21,6 +21,7 @@
 #include "qpid/sys/ssl/SslIo.h"
 #include "qpid/sys/ssl/SslSocket.h"
+#include "qpid/sys/ssl/check.h"
 #include "qpid/sys/Time.h"
 #include "qpid/sys/posix/check.h"
@@ -312,7 +313,7 @@ void SslIO::readable(DispatchHandle& h) {
 break;
 } else {
 // Report error then just treat as a socket disconnect
- QPID_LOG(error, "Error reading socket: " << qpid::sys::strError(rc) << "(" << rc << ")" );
+ QPID_LOG(error, "Error reading socket: " << getErrorString(PR_GetError()));
 eofCallback(*this);
 h.unwatchRead();
 break;
@@ -383,7 +384,9 @@ void SslIO::writeable(DispatchHandle& h) {
 // we can carry on watching for writes
 break;
 } else {
- QPID_POSIX_CHECK(rc);
+ QPID_LOG(error, "Error writing to socket: " << getErrorString(PR_GetError()));
+ h.unwatchWrite();
+ break;
 }
 }
 } else {
diff --git a/cpp/src/qpid/sys/ssl/SslSocket.cpp b/cpp/src/qpid/sys/ssl/SslSocket.cpp
index 22b0909ad4..8ebc5937d2 100644
--- a/cpp/src/qpid/sys/ssl/SslSocket.cpp
+++ b/cpp/src/qpid/sys/ssl/SslSocket.cpp
@@ -179,6 +179,7 @@ void SslSocket::connect(const std::string& host, uint16_t port) const
 throw Exception(QPID_MSG("Could not resolve address for host."));
 }
 PR_CHECK(PR_Connect(socket, &address, PR_INTERVAL_NO_TIMEOUT));
+ NSS_CHECK(SSL_ForceHandshake(socket));
 }
 void SslSocket::close() const
diff --git a/cpp/src/qpid/sys/ssl/check.cpp b/cpp/src/qpid/sys/ssl/check.cpp
index c5e6005e03..d4367226eb 100644
--- a/cpp/src/qpid/sys/ssl/check.cpp
+++ b/cpp/src/qpid/sys/ssl/check.cpp
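Review bot: The new error branch in `SslIO::writeable` logs the failure and calls `h.unwatchWrite()`, but unlike the read-error branch in the `readable` hunk it never tells the owner of the connection that the write failed. A TLS write that fails (for example because the peer rejected the handshake or certificate) therefore leaves the connection open with its data still queued, and the only trace is a log line. The removed `QPID_POSIX_CHECK(rc)` presumably propagated the failure; its definition is not on this page. Consider signalling the disconnect here as the read path does, e.g. `eofCallback(*this);` before `h.unwatchWrite();`, or whichever disconnect path this class uses for writes. The body of `writeable` continues outside the hunk, so confirm that no later code already does this.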
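Review bot: `NSS_CHECK(SSL_ForceHandshake(socket));` in `SslSocket::connect` puts no bound on how long the handshake may take. Assuming the socket is still blocking at this point (the preceding `PR_Connect` uses `PR_INTERVAL_NO_TIMEOUT`), a peer that accepts the TCP connection but never completes the TLS handshake stalls the caller indefinitely. NSS offers `SSL_ForceHandshakeWithTimeout(socket, timeout)` for this case, with the timeout taken from configuration. If `NSS_CHECK` throws, the connection made by `PR_Connect` is still open, so either close it on that path or document that callers must call `close()`. A comment such as `// Complete the TLS handshake here so certificate failures are reported by connect()` would record why the call was added.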
@@ -35,7 +35,11 @@ const std::string SSL_ERROR_BAD_CERT_DOMAIN_STR =
 const std::string SSL_ERROR_BAD_CERT_ALERT_STR = "SSL peer cannot verify your certificate.";
 const std::string SEC_ERROR_BAD_DATABASE_STR = "Security library: bad database.";
 const std::string SSL_ERROR_NO_CERTIFICATE_STR = "Unable to find the certificate or key necessary for authentication.";
-const std::string SSL_ERROR_UNKNOWN = "Unknown NSS error code.";
+const std::string PR_DIRECTORY_LOOKUP_ERROR_STR = "A directory lookup on a network address has failed";
+const std::string PR_CONNECT_RESET_ERROR_STR = "TCP connection reset by peer";
+const std::string PR_END_OF_FILE_ERROR_STR = "Encountered end of file";
+const std::string SSL_ERROR_UNKNOWN = "NSS error";
+const std::string NSPR_ERROR_UNKNOWN = "NSPR error";
 ErrorString::ErrorString() : code(PR_GetError()), buffer(new char[PR_GetErrorTextLength()]), used(PR_GetErrorText(buffer)) {}
@@ -51,13 +55,24 @@ std::string ErrorString::getString() const
 //seems most of the NSPR/NSS errors don't have text set for
 //them, add a few specific ones in here. (TODO: more complete
 //list?):
- switch (code) {
- case SSL_ERROR_BAD_CERT_DOMAIN: msg = SSL_ERROR_BAD_CERT_DOMAIN_STR; break;
- case SSL_ERROR_BAD_CERT_ALERT: msg = SSL_ERROR_BAD_CERT_ALERT_STR; break;
- case SEC_ERROR_BAD_DATABASE: msg = SEC_ERROR_BAD_DATABASE_STR; break;
- case SSL_ERROR_NO_CERTIFICATE: msg = SSL_ERROR_NO_CERTIFICATE_STR; break;
- default: msg = SSL_ERROR_UNKNOWN; break;
- }
+ return getErrorString(code);
+ } else {
+ return str(format("%1% [%2%]") % msg % code);
+ }
+}
+
+std::string getErrorString(int code)
+{
+ std::string msg;
+ switch (code) {
+ case SSL_ERROR_BAD_CERT_DOMAIN: msg = SSL_ERROR_BAD_CERT_DOMAIN_STR; break;
+ case SSL_ERROR_BAD_CERT_ALERT: msg = SSL_ERROR_BAD_CERT_ALERT_STR; break;
+ case SEC_ERROR_BAD_DATABASE: msg = SEC_ERROR_BAD_DATABASE_STR; break;
+ case SSL_ERROR_NO_CERTIFICATE: msg = SSL_ERROR_NO_CERTIFICATE_STR; break;
+ case PR_DIRECTORY_LOOKUP_ERROR: msg = PR_DIRECTORY_LOOKUP_ERROR_STR; break;
+ case PR_CONNECT_RESET_ERROR: msg = PR_CONNECT_RESET_ERROR_STR; break;
+ case PR_END_OF_FILE_ERROR: msg = PR_END_OF_FILE_ERROR_STR; break;
+ default: msg = (code < -6000) ? SSL_ERROR_UNKNOWN : NSPR_ERROR_UNKNOWN; break;
 }
 return str(format("%1% [%2%]") % msg % code);
 }
diff --git a/cpp/src/qpid/sys/ssl/check.h b/cpp/src/qpid/sys/ssl/check.h
index 94db120afa..28d3c74ad0 100644
--- a/cpp/src/qpid/sys/ssl/check.h
+++ b/cpp/src/qpid/sys/ssl/check.h
@@ -32,6 +32,8 @@ namespace qpid {
 namespace sys {
 namespace ssl {
+std::string getErrorString(int code);
+
 class ErrorString
 {
 public: |
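Review bot: The `default:` branch of `getErrorString` classifies codes with the bare literal `-6000`, so every code at or above it, including 0 and any positive value, is reported as "NSPR error". NSPR's `prerr.h` names that boundary `PR_NSPR_ERROR_BASE`; using it, as in `default: msg = (code < PR_NSPR_ERROR_BASE) ? SSL_ERROR_UNKNOWN : NSPR_ERROR_UNKNOWN; break;`, and adding a comment that NSS (SSL/SEC) codes lie below the NSPR range would make the intent checkable. These strings are what an operator sees when a TLS connection is refused, so it would also help to map the common certificate-validation failures (expired certificate, unknown issuer) rather than leave them as a bare number. The `if` condition that selects between the two returns in `ErrorString::getString` is outside the hunk.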