mirror of
https://github.com/pgbackrest/pgbackrest.git
synced 2024-12-14 10:13:05 +02:00
Improve TLS error reporting.
Before 9f2d647 TLS errors included additional details in at least some cases. After 9f2d647 a connection to an HTTP server threw `TLS error [1]` instead of `unable to negotiate TLS connection: [336031996] unknown protocol`. Bring back the detailed messages to make debugging TLS errors easier. Since the error routine is now generic the `unable to negotiate TLS connection` context is not available so the error looks like `TLS error [1:336031996] unknown protocol`.
parent
94d3a01f73
commit
847e61ce21
@ -64,6 +64,15 @@
|
|||||||
|
|
||||||
<p>Proactively close file descriptors after forking async process.</p>
|
<p>Proactively close file descriptors after forking async process.</p>
|
||||||
</release-item>
|
</release-item>
|
||||||
|
|
||||||
|
<release-item>
|
||||||
|
<release-item-contributor-list>
|
||||||
|
<release-item-reviewer id="cynthia.shang"/>
|
||||||
|
<release-item-reviewer id="stephen.frost"/>
|
||||||
|
</release-item-contributor-list>
|
||||||
|
|
||||||
|
<p>Improve TLS error reporting.</p>
|
||||||
|
</release-item>
|
||||||
</release-improvement-list>
|
</release-improvement-list>
|
||||||
</release-core-list>
|
</release-core-list>
|
||||||
|
|
||||||
|
@ -86,11 +86,12 @@ Returns:
|
|||||||
***********************************************************************************************************************************/
|
***********************************************************************************************************************************/
|
||||||
// Helper to process error conditions
|
// Helper to process error conditions
|
||||||
static int
|
static int
|
||||||
tlsSessionResultProcess(TlsSession *this, int errorTls, int errorSys, bool closeOk)
|
tlsSessionResultProcess(TlsSession *this, int errorTls, long unsigned int errorTlsDetail, int errorSys, bool closeOk)
|
||||||
{
|
{
|
||||||
FUNCTION_LOG_BEGIN(logLevelTrace);
|
FUNCTION_LOG_BEGIN(logLevelTrace);
|
||||||
FUNCTION_LOG_PARAM(TLS_SESSION, this);
|
FUNCTION_LOG_PARAM(TLS_SESSION, this);
|
||||||
FUNCTION_LOG_PARAM(INT, errorTls);
|
FUNCTION_LOG_PARAM(INT, errorTls);
|
||||||
|
FUNCTION_LOG_PARAM(UINT64, errorTlsDetail);
|
||||||
FUNCTION_LOG_PARAM(INT, errorSys);
|
FUNCTION_LOG_PARAM(INT, errorSys);
|
||||||
FUNCTION_LOG_PARAM(BOOL, closeOk);
|
FUNCTION_LOG_PARAM(BOOL, closeOk);
|
||||||
FUNCTION_LOG_END();
|
FUNCTION_LOG_END();
|
||||||
@ -134,7 +135,14 @@ tlsSessionResultProcess(TlsSession *this, int errorTls, int errorSys, bool close
|
|||||||
|
|
||||||
// Any other error that we cannot handle
|
// Any other error that we cannot handle
|
||||||
default:
|
default:
|
||||||
THROW_FMT(ServiceError, "TLS error [%d]", errorTls);
|
{
|
||||||
|
// Get detailed error message when available
|
||||||
|
const char *errorTlsDetailMessage = ERR_reason_error_string(errorTlsDetail);
|
||||||
|
|
||||||
|
THROW_FMT(
|
||||||
|
ServiceError, "TLS error [%d:%lu] %s", errorTls, errorTlsDetail,
|
||||||
|
errorTlsDetailMessage == NULL ? "no details available" : errorTlsDetailMessage);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
FUNCTION_LOG_RETURN(INT, result);
|
FUNCTION_LOG_RETURN(INT, result);
|
||||||
@ -157,9 +165,10 @@ tlsSessionResult(TlsSession *this, int result, bool closeOk)
|
|||||||
{
|
{
|
||||||
// Get TLS error and store errno in case of syscall error
|
// Get TLS error and store errno in case of syscall error
|
||||||
int errorTls = SSL_get_error(this->session, result);
|
int errorTls = SSL_get_error(this->session, result);
|
||||||
|
long unsigned int errorTlsDetail = ERR_get_error();
|
||||||
int errorSys = errno;
|
int errorSys = errno;
|
||||||
|
|
||||||
result = tlsSessionResultProcess(this, errorTls, errorSys, closeOk);
|
result = tlsSessionResultProcess(this, errorTls, errorTlsDetail, errorSys, closeOk);
|
||||||
}
|
}
|
||||||
|
|
||||||
FUNCTION_LOG_RETURN(INT, result);
|
FUNCTION_LOG_RETURN(INT, result);
|
||||||
|
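Review bot: `ERR_get_error()` in tlsSessionResult pops only the earliest entry from the thread's OpenSSL error queue, so the detail reported by the `default:` branch is only trustworthy if the queue was empty before the failed I/O call, and any further entries stay queued after the throw. Nothing visible in these hunks clears the queue; if the callers outside the hunks do not already do so, add `ERR_clear_error();` before each `SSL_*` I/O call (or drain the queue after capturing the detail) so a stale entry is not logged as the cause of an unrelated failure and does not skew a later `SSL_get_error()`. The new call also sits between the failing operation and `int errorSys = errno;`; capturing errno first keeps the value from being disturbed by the extra library call. Both function bodies continue outside the hunks shown.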
@ -414,9 +414,15 @@ testRun(void)
|
|||||||
// -----------------------------------------------------------------------------------------------------------------
|
// -----------------------------------------------------------------------------------------------------------------
|
||||||
TEST_TITLE("uncovered errors");
|
TEST_TITLE("uncovered errors");
|
||||||
|
|
||||||
TEST_RESULT_INT(tlsSessionResultProcess(session, SSL_ERROR_WANT_WRITE, 0, false), 0, "write ready");
|
TEST_RESULT_INT(tlsSessionResultProcess(session, SSL_ERROR_WANT_WRITE, 0, 0, false), 0, "write ready");
|
||||||
TEST_ERROR(tlsSessionResultProcess(session, SSL_ERROR_WANT_X509_LOOKUP, 0, false), ServiceError, "TLS error [4]");
|
TEST_ERROR(
|
||||||
TEST_ERROR(tlsSessionResultProcess(session, SSL_ERROR_ZERO_RETURN, 0, false), ProtocolError, "unexpected TLS eof");
|
tlsSessionResultProcess(session, SSL_ERROR_WANT_X509_LOOKUP, 336031996, 0, false), ServiceError,
|
||||||
|
"TLS error [4:336031996] unknown protocol");
|
||||||
|
TEST_ERROR(
|
||||||
|
tlsSessionResultProcess(session, SSL_ERROR_WANT_X509_LOOKUP, 0, 0, false), ServiceError,
|
||||||
|
"TLS error [4:0] no details available");
|
||||||
|
TEST_ERROR(
|
||||||
|
tlsSessionResultProcess(session, SSL_ERROR_ZERO_RETURN, 0, 0, false), ProtocolError, "unexpected TLS eof");
|
||||||
|
|
||||||
// -----------------------------------------------------------------------------------------------------------------
|
// -----------------------------------------------------------------------------------------------------------------
|
||||||
TEST_TITLE("first protocol exchange");
|
TEST_TITLE("first protocol exchange");
|
||||||
|
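Review bot: The literal `336031996` and the expected text `unknown protocol` in the first new TEST_ERROR pin the test to one OpenSSL error-code encoding and reason-string table; the packing of library and reason into the code changed in OpenSSL 3.0, so this value may resolve to a different string or to `no details available` there. Consider building the code from the library's own constants, e.g. `ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL)`, and formatting the expected message from it. A comment such as `// 336031996 is the packed OpenSSL code for SSL_R_UNKNOWN_PROTOCOL` would also explain the magic number. testRun's body starts and ends outside this hunk.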