[ssl] added warning for proxenet->client ssl handshake

hugsy · Jun 11, 2015 · a3ca2f7 · a3ca2f7
1 parent d65f0d0
commit a3ca2f7
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 6 deletions.
diff --git a/http.c b/http.c
@@ -577,9 +577,9 @@ int create_http_socket(request_t* req, sock_t* server_sock, sock_t* client_sock,
 
                         retcode = proxenet_ssl_handshake(&(ssl_ctx->client.context));
                         if (retcode < 0) {
-                                xlog(LOG_ERROR, "%s->'%s:%d': SSL handshake failed [code: %#x]\n",
-                                     PROGNAME, http_infos->hostname, http_infos->port, retcode);
-
+                                xlog(LOG_ERROR, "handshake %s->server failed [code: %#x]\n", PROGNAME, retcode);
+                                xlog(LOG_ERROR, "Client SSL handshake failed for '%s:%d'.\n",
+                                     http_infos->hostname, http_infos->port, retcode);
                                 return -1;
                         }
 
@@ -601,8 +601,12 @@ int create_http_socket(request_t* req, sock_t* server_sock, sock_t* client_sock,
                         }
 
                         proxenet_ssl_wrap_socket(&(ssl_ctx->server.context), server_sock);
-                        if (proxenet_ssl_handshake(&(ssl_ctx->server.context)) < 0) {
-                                xlog(LOG_ERROR, "handshake %s->client failed\n", PROGNAME);
+
+                        retcode = proxenet_ssl_handshake(&(ssl_ctx->server.context));
+                        if (retcode < 0) {
+                                xlog(LOG_ERROR, "handshake %s->client failed [code: %#x]\n", PROGNAME, retcode);
+                                xlog(LOG_ERROR, "Server SSL handshake failed for '%s:%d'.\n",
+                                     http_infos->hostname, http_infos->port, retcode);
                                 return -1;
                         }
 

diff --git a/ssl.c b/ssl.c
@@ -260,7 +260,15 @@ int proxenet_ssl_handshake(proxenet_ssl_context_t* ctx)
 
                 if(retcode!=POLARSSL_ERR_NET_WANT_READ && \
                    retcode!=POLARSSL_ERR_NET_WANT_WRITE) {
-                        xlog(LOG_ERROR, "SSL handshake failed (returns %#x)\n", -retcode);
+
+                        if (retcode == POLARSSL_ERR_NET_CONN_RESET)
+                                xlog(LOG_WARNING,
+                                     "Peer has reset the SSL connection during handshake (error "
+                                     "%#x).To remove this warning, make sure to add proxenet "
+                                     "CA certificate as a Trusted CA for websites.\n",
+                                     -retcode);
+                        else
+                                xlog(LOG_ERROR, "SSL handshake failed (returns %#x)\n", -retcode);
                         break;
                 }