Repository: trafficserver Updated Branches: refs/heads/master a7a51ecc1 -> 705a1d800
TS-2615: handle errors in creating a SSL client session Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/705a1d80 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/705a1d80 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/705a1d80 Branch: refs/heads/master Commit: 705a1d80002de0406e4da59892f36d05a11eb849 Parents: a7a51ec Author: James Peach <[email protected]> Authored: Fri Feb 28 15:25:38 2014 -0800 Committer: James Peach <[email protected]> Committed: Tue Mar 4 21:01:29 2014 -0800 ---------------------------------------------------------------------- CHANGES | 2 ++ iocore/net/SSLNetVConnection.cc | 31 +++++++++++++++++++++---------- 2 files changed, 23 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/705a1d80/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 2b3627c..2f13215 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.0.0 + *) [TS-2615] Better logging and error handling in SSL client session startup. + *) [TS-2613] Can't turn on attach server session to client from records.config *) [TS-2611] Add a new S3 authentication plugin, s3_auth. This only supports http://git-wip-us.apache.org/repos/asf/trafficserver/blob/705a1d80/iocore/net/SSLNetVConnection.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc index dfcef4d..32b9a44 100644 --- a/iocore/net/SSLNetVConnection.cc +++ b/iocore/net/SSLNetVConnection.cc 
@@ -484,7 +484,9 @@ SSLNetVConnection::free(EThread * t) { int SSLNetVConnection::sslStartHandShake(int event, int &err) { - if (event == SSL_EVENT_SERVER) { + + switch (event) { + case SSL_EVENT_SERVER: if (this->ssl == NULL) { SSLCertificateConfig::scoped_config lookup; @@ -492,21 +494,30 @@ SSLNetVConnection::sslStartHandShake(int event, int &err) // to negotiate a SSL session, but it's enough to trampoline us into the SNI callback where we // can select the right server certificate. this->ssl = make_ssl_connection(lookup->defaultContext(), this); - if (this->ssl == NULL) { - Debug("ssl", "SSLNetVConnection::sslServerHandShakeEvent, ssl create failed"); - SSLErrorVC(this, "SSL_StartHandShake"); - return EVENT_ERROR; - } + } + + if (this->ssl == NULL) { + SSLErrorVC(this, "failed to create SSL server session"); + return EVENT_ERROR; } return sslServerHandShakeEvent(err); - } else { - ink_assert(event == SSL_EVENT_CLIENT); + + case SSL_EVENT_CLIENT: if (this->ssl == NULL) { this->ssl = make_ssl_connection(ssl_NetProcessor.client_ctx, this); } - ink_assert(event == SSL_EVENT_CLIENT); - return (sslClientHandShakeEvent(err)); + + if (this->ssl == NULL) { + SSLErrorVC(this, "failed to create SSL client session"); + return EVENT_ERROR; + } + + return sslClientHandShakeEvent(err); + + default: + ink_assert(0); + return EVENT_ERROR; } }
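Review bot: The new `return EVENT_ERROR;` paths after the two `this->ssl == NULL` checks, and the one in the `default:` arm, leave the `int &err` out-parameter unassigned, while the success paths pass `err` on to `sslServerHandShakeEvent` / `sslClientHandShakeEvent`. The callers are outside this diff, but if they report `err` after an `EVENT_ERROR` they would read a stale or uninitialised value, which makes a failed TLS session setup harder to diagnose from logs. Assigning it before each return would avoid that, for example `err = ENOMEM; // placeholder: use whichever code the callers expect for a failed session allocation`. Keeping `return EVENT_ERROR;` after `ink_assert(0)` is the right call, because the unexpected-event path still fails closed if the assert is compiled out of release builds; a short comment there would keep someone from removing it as dead code.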
