Better (any) error message for SSL... #458
Comments
1. "only reason I can think of for that many failed hello's would be no SSL"
True, but the connecting client could be a bot OR a user, so we can't display
At least the message must be changed.

2. Error message (SSL bot port)
The code in tls.c:ssl_info() producing the +b message but the code in net.c:sockread() seems: currently it's like:
The case happening here is case SSL_ERROR_SYSCALL and it's only handled in the general else branch. We should intercept SSL_ERROR_SYSCALL and display an error message like I now committed with #645. Also the general error message above could be enhanced to read "SSL read error" instead of "SSL error". There are more cases where we could replace the error message "SSL error" with a more detailed one, like after SSL_write(). The SSL bot of course doesn't know if it's a bot or a user telnet, or whatever, that tries to connect. So it can only display some error message like "Could be..."

3. Error message (non-SSL bot)
The non-SSL bot connects to an SSL-only port. The SSL bot expects the hello and is sending nothing, so the non-SSL bot can't receive anything and is quite blind. It can't find out that the end point is an SSL port. But we can change this. Yes! Of course only if stealth-telnets isn't activated and/or a new config setting allows for it. The SSL bot could send a TOKEN over the wire, so that the non-SSL bot/user could see it's an SSL port and react to it. Bonus: a non-SSL bot could not only inform about the SSL port, but could also instantly drop its attempt to connect. Maybe even send another TOKEN to the SSL port to tell the SSL bot what just happened, so it also could report/act on it.

4. The many "TLS: failed in:"
I would like to see such verbose messages moved from a normal output channel to debug() output.

(1) and (2) are fixed with #645
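An added example, not part of the comment above and not eggdrop's code, of the SSL_ERROR_SYSCALL handling discussed in point 2: the values the caller collects after a failed SSL_read() or SSL_write() are turned into a retry/close decision and a message that names the operation. The helper name, its parameters and the message wording are assumptions made for this example; the text committed in #645 is not shown on this page.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Values as defined in <openssl/ssl.h>, repeated here only so the
 * example builds without the OpenSSL headers installed. */
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6

enum ssl_action { ACT_RETRY, ACT_CLOSE_QUIET, ACT_CLOSE_REPORT };

/* Hypothetical helper. op is "read" or "write"; ssl_err is
 * SSL_get_error(ssl, ret); queued is ERR_get_error() (0 if the queue is
 * empty); sys_errno is errno saved right after the failed call; hs_done
 * is non-zero once the handshake has completed. */
enum ssl_action classify_ssl_failure(const char *op, int ssl_err,
                                     unsigned long queued, int sys_errno,
                                     int hs_done, char *msg, size_t len)
{
  msg[0] = '\0';
  switch (ssl_err) {
  case SSL_ERROR_WANT_READ:
  case SSL_ERROR_WANT_WRITE:
    return ACT_RETRY;             /* non-blocking socket, not an error */
  case SSL_ERROR_ZERO_RETURN:
    return ACT_CLOSE_QUIET;       /* peer sent close_notify */
  case SSL_ERROR_SYSCALL:
    if (queued)                   /* OpenSSL recorded the cause */
      snprintf(msg, len, "SSL %s error: library error 0x%lx", op, queued);
    else if (sys_errno)           /* plain socket failure */
      snprintf(msg, len, "SSL %s error: %s", op, strerror(sys_errno));
    else                          /* EOF without a TLS shutdown */
      snprintf(msg, len, "SSL %s error: unexpected EOF%s", op, hs_done ? "" :
               " during handshake (could be a non-SSL bot or user)");
    return ACT_CLOSE_REPORT;
  case SSL_ERROR_SSL:
    snprintf(msg, len, "SSL %s error: protocol error 0x%lx", op, queued);
    return ACT_CLOSE_REPORT;
  default:
    snprintf(msg, len, "SSL %s error: code %d", op, ssl_err);
    return ACT_CLOSE_REPORT;
  }
}
```

On OpenSSL 3.0 and later, an EOF without close_notify is reported as SSL_ERROR_SSL with reason SSL_R_UNEXPECTED_EOF_WHILE_READING instead of SSL_ERROR_SYSCALL with errno 0, so there it reaches the protocol-error branch.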
Found by: Geo Patch by: michaelortmann Fixes: #458
... when a linking bot is not compiled with SSL and fails to connect to an SSL-only port.
Currently, the leaf bot (with no SSL) only sees:
the hub (with SSL, console +b-d) only sees:
Maybe at the end of all those failed hellos, we add
as the only reason I can think of for that many failed hello's would be no SSL. Or something, but that's a starting point. Probably worth looking at the reverse case (hub no ssl, leaf ssl) too.