From: Daniel Lenski Date: Mon, 30 Nov 2020 03:09:15 +0000 (-0800) Subject: clarify some error messages which apply equally to TLS and DTLS sockets X-Git-Tag: v8.20~379^2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=ccf17dd0657e9d6a01d51638d401300d2832cfe1;p=users%2Fdwmw2%2Fopenconnect.git clarify some error messages which apply equally to TLS and DTLS sockets Clarifies #157 (but doesn't actually fix it) Signed-off-by: Daniel Lenski
---
diff --git a/gnutls.c b/gnutls.c
index 521ff619..7d5b9924 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -86,7 +86,7 @@ int can_enable_insecure_crypto()
 return 0;
 }
-/* Helper functions for reading/writing lines over SSL. */
+/* Helper functions for reading/writing lines over TLS/DTLS. */
 static int _openconnect_gnutls_write(gnutls_session_t ses, int fd, struct openconnect_info *vpninfo, char *buf, size_t len)
 {
 size_t orig_len = len;
@@ -115,11 +115,11 @@ static int _openconnect_gnutls_write(gnutls_session_t ses, int fd, struct openco
 return -EIO;
 }
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL write cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS write cancelled\n"));
 return -EINTR;
 }
 } else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to write to SSL socket: %s\n"),
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to write to TLS/DTLS socket: %s\n"),
 gnutls_strerror(done));
 return -EIO;
 }
@@ -165,12 +165,12 @@ static int _openconnect_gnutls_read(gnutls_session_t ses, int fd, struct opencon
 cmd_fd_set(vpninfo, &rd_set, &maxfd);
 ret = select(maxfd + 1, &rd_set, &wr_set, NULL, tv);
 if (ret < 0 && errno != EINTR) {
- vpn_perror(vpninfo, _("Failed select() for TLS"));
+ vpn_perror(vpninfo, _("Failed select() for TLS/DTLS"));
 return -EIO;
 }
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL read cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
 done = -EINTR;
 goto cleanup;
 }
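Review bot: The reworded `PRG_ERR` messages in the `@@ -115,11` hunk of gnutls.c name both protocols, so a log line still does not say whether the TLS or the DTLS socket failed; the same holds for the other messages this commit rewords in gnutls.c and openssl.c. Since `_openconnect_gnutls_write()` already receives `fd`, including it would let a line be matched to a socket during triage, e.g. `_("Failed to write to TLS/DTLS socket (fd %d): %s\n"), fd, gnutls_strerror(done)`. The function body starts and ends outside the hunk.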
@@ -183,7 +183,7 @@ static int _openconnect_gnutls_read(gnutls_session_t ses, int fd, struct opencon
 /* We've seen this with HTTP 1.0 responses followed by abrupt socket closure and no clean SSL shutdown. https://bugs.launchpad.net/bugs/1225276 */
- vpn_progress(vpninfo, PRG_DEBUG, _("SSL socket closed uncleanly\n"));
+ vpn_progress(vpninfo, PRG_DEBUG, _("TLS/DTLS socket closed uncleanly\n"));
 done = 0;
 goto cleanup;
 } else if (done == GNUTLS_E_REHANDSHAKE) {
@@ -193,7 +193,7 @@ static int _openconnect_gnutls_read(gnutls_session_t ses, int fd, struct opencon
 goto cleanup;
 }
 } else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to read from SSL socket: %s\n"),
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket: %s\n"),
 gnutls_strerror(done));
 if (done == GNUTLS_E_TIMEDOUT) {
 done = -ETIMEDOUT;
@@ -266,7 +266,7 @@ static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf,
 return -EIO;
 }
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL read cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
 ret = -EINTR;
 break;
 }
@@ -275,7 +275,7 @@ static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf,
 if (ret)
 return ret;
 } else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to read from SSL socket: %s\n"),
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket: %s\n"),
 gnutls_strerror(ret));
 ret = -EIO;
 break;
diff --git a/openssl.c b/openssl.c
index 4c889815..ac0d919a 100644
--- a/openssl.c
+++ b/openssl.c
@@ -139,7 +139,7 @@ int openconnect_random(void *bytes, int len)
 return 0;
 }
-/* Helper functions for reading/writing lines over SSL.
+/* Helper functions for reading/writing lines over TLS/DTLS.
 We could use cURL for the HTTP stuff, but it's overkill */
 static int _openconnect_openssl_write(SSL *ssl, int fd, struct openconnect_info *vpninfo, char *buf, size_t len)
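Review bot: In the `@@ -183,7` hunk of gnutls.c, a closure without a clean shutdown is reported only at `PRG_DEBUG` and then sets `done = 0` before jumping to `cleanup`, which presumably reaches the caller as an ordinary end of stream. The context comment says this happens with HTTP 1.0 responses, whose bodies can be delimited by connection close, so a truncated body would look complete and leave no trace at the default log level. I would raise the message to `PRG_INFO` and add a comment such as `/* Unclean close is treated as EOF; callers must not rely on EOF alone to decide a response is complete. */`. The branch condition and the callers are outside the hunk, so whether any caller actually depends on EOF-delimited bodies is not visible here.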
@@ -164,14 +164,14 @@ static int _openconnect_openssl_write(SSL *ssl, int fd, struct openconnect_info
 else if (err == SSL_ERROR_WANT_WRITE)
 FD_SET(fd, &wr_set);
 else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to write to SSL socket\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to write to TLS/DTLS socket\n"));
 openconnect_report_ssl_errors(vpninfo);
 return -EIO;
 }
 cmd_fd_set(vpninfo, &rd_set, &maxfd);
 select(maxfd + 1, &rd_set, &wr_set, NULL, NULL);
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL write cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS write cancelled\n"));
 return -EINTR;
 }
 }
@@ -214,14 +214,14 @@ static int _openconnect_openssl_read(SSL *ssl, int fd, struct openconnect_info *
 else if (err == SSL_ERROR_WANT_WRITE)
 FD_SET(fd, &wr_set);
 else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to read from SSL socket\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket\n"));
 openconnect_report_ssl_errors(vpninfo);
 return -EIO;
 }
 cmd_fd_set(vpninfo, &rd_set, &maxfd);
 ret = select(maxfd + 1, &rd_set, &wr_set, NULL, tv);
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL read cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
 return -EINTR;
 }
@@ -280,7 +280,7 @@ static int openconnect_openssl_gets(struct openconnect_info *vpninfo, char *buf,
 else if (ret == SSL_ERROR_WANT_WRITE)
 FD_SET(vpninfo->ssl_fd, &wr_set);
 else {
- vpn_progress(vpninfo, PRG_ERR, _("Failed to read from SSL socket\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket\n"));
 openconnect_report_ssl_errors(vpninfo);
 ret = -EIO;
 break;
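Review bot: In the `@@ -164,14` hunk of openssl.c, the return value of `select(maxfd + 1, &rd_set, &wr_set, NULL, NULL)` is discarded, so after a failed call `is_cancel_pending()` is handed descriptor sets that select() never updated. The gnutls.c read path touched by this same commit checks `ret < 0 && errno != EINTR` and reports it with `vpn_perror()`. I would mirror that here: `if (select(maxfd + 1, &rd_set, &wr_set, NULL, NULL) < 0 && errno != EINTR) { vpn_perror(vpninfo, _("Failed select() for TLS/DTLS")); return -EIO; }`. The same unchecked call appears in the `@@ -288,7` hunk (`openconnect_openssl_gets`, where the failure path would be `ret = -EIO; break;`), and in `@@ -214,14` the result is stored in `ret` but no check is visible before `is_cancel_pending()`. The loops these lines sit in start and end outside the hunks.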
@@ -288,7 +288,7 @@ static int openconnect_openssl_gets(struct openconnect_info *vpninfo, char *buf,
 cmd_fd_set(vpninfo, &rd_set, &maxfd);
 select(maxfd + 1, &rd_set, &wr_set, NULL, NULL);
 if (is_cancel_pending(vpninfo, &rd_set)) {
- vpn_progress(vpninfo, PRG_ERR, _("SSL read cancelled\n"));
+ vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
 ret = -EINTR;
 break;
 }