
[mod_gnutls] improve alert handling

* print alerts with numerical value
* show non-fatal alerts
* use log level info for all alerts
* use log level warning for non-fatal "unknown" errors

Change-Id: Ibaa33743bfe809579981fdeb121955ef5c6d0ab2
personal/stbuehler/wip
Stefan Bühler 7 years ago
parent
commit
fc02dcf9e2
  1. 4
      include/lighttpd/log.h
  2. 46
      src/modules/gnutls_filter.c

4
include/lighttpd/log.h

@ -16,8 +16,8 @@
* Logs are sent once per event loop iteration to the logging thread in order to reduce syscalls and lock contention.
*/
/* at least one of srv and wrk must not be NULL. log_map may be NULL. */
#define _SEGFAULT(srv, wrk, log_map, fmt, ...) \
/* at least one of srv and wrk must not be NULL. ctx may be NULL. */
#define _SEGFAULT(srv, wrk, ctx, fmt, ...) \
do { \
li_log_write(srv, NULL, NULL, LI_LOG_LEVEL_ABORT, LI_LOG_FLAG_TIMESTAMP, "(crashing) %s:%d: %s " fmt, LI_REMOVE_PATH(__FILE__), __LINE__, G_STRFUNC, __VA_ARGS__); \
li_print_backtrace_stderr(); \

46
src/modules/gnutls_filter.c

@ -209,7 +209,7 @@ static void do_handle_error(liGnuTLSFilter *f, const char *gnutlsfunc, int r, gb
switch (r) {
case GNUTLS_E_AGAIN:
if (writing) f->write_wants_read = TRUE;
break;
return;
case GNUTLS_E_REHANDSHAKE:
#ifdef HAVE_SAVE_RENEGOTIATION
if (f->initial_handshaked_finished && !gnutls_safe_renegotiation_status(f->session)) {
@ -224,35 +224,47 @@ static void do_handle_error(liGnuTLSFilter *f, const char *gnutlsfunc, int r, gb
f_close_with_alert(f, r);
}
#endif
break;
return;
case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
f_close_with_alert(f, r);
break;
return;
case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
_DEBUG(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
f_close_with_alert(f, r);
return;
case GNUTLS_E_FATAL_ALERT_RECEIVED:
case GNUTLS_E_WARNING_ALERT_RECEIVED:
{
gnutls_alert_description_t alert_desc = gnutls_alert_get(f->session);
const char* alert_desc_name = gnutls_alert_get_name(alert_desc);
_INFO(f->srv, f->wrk, f->log_context, "%s (%s): %s %s (%u)", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r),
(NULL != alert_desc_name) ? alert_desc_name : "unknown alert",
(unsigned int) alert_desc);
}
/* error not handled yet: break instead of return */
break;
default:
if (gnutls_error_is_fatal(r)) {
if (GNUTLS_E_FATAL_ALERT_RECEIVED == r || GNUTLS_E_WARNING_ALERT_RECEIVED == r) {
_ERROR(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r),
gnutls_alert_get_name(gnutls_alert_get(f->session)));
} else {
_ERROR(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
}
if (f->initial_handshaked_finished) {
f_close_with_alert(f, r);
} else {
f_abort_gnutls(f);
}
_ERROR(f->srv, f->wrk, f->log_context, "%s (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
} else {
_ERROR(f->srv, f->wrk, f->log_context, "%s non fatal (%s): %s", gnutlsfunc,
_WARNING(f->srv, f->wrk, f->log_context, "%s non fatal (%s): %s", gnutlsfunc,
gnutls_strerror_name(r), gnutls_strerror(r));
}
/* error not handled yet: break instead of return */
break;
}
/* generic error handling */
if (gnutls_error_is_fatal(r)) {
if (f->initial_handshaked_finished) {
f_close_with_alert(f, r);
} else {
f_abort_gnutls(f);
}
}
}
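Review bot: In the new `GNUTLS_E_FATAL_ALERT_RECEIVED` / `GNUTLS_E_WARNING_ALERT_RECEIVED` case every alert is written with `_INFO`, and both the alert value and how often it arrives are chosen by the peer. A warning alert is not fatal, so the generic `gnutls_error_is_fatal(r)` block after the switch leaves the session open, and as far as this hunk shows one connection can produce a log line per alert with no bound; whether the caller limits this is not visible here. Going by the commit message ("use log level info for all alerts"), fatal alerts also drop from `_ERROR` to `_INFO`, so monitoring that keys on error-level TLS failures will stop seeing them and should match on the numeric `(%u)` value instead. I would record the intent above the `_INFO` call, e.g. `/* alerts are peer-controlled: log at info only; volume is not rate-limited here */`, and consider closing the session after a bounded number of warning alerts. `do_handle_error` starts outside the hunk.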
