Improve error message when the connection is terminated during handshake #4706

Open
minfrin opened this issue Nov 9, 2017 · 1 comment
Labels: branch: master, inactive, triaged: feature
minfrin commented Nov 9, 2017

If an openssl client v1.0.2m makes a connection to an SSL server, and if the server disconnects the connection without saying anything (zero bytes are sent), openssl doesn't explicitly declare this in the error message.

While in theory this is a handshake failure, there is no attempt to log why the handshake failed.

Would it be correct to add an additional line before

-> 177 SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);

to state that the remote server terminated the connection unexpectedly?

Or are there other types of handshake failures that could cause us to reach this line with n equal to zero?

(lldb) run
Process 8811 launched: './apps/openssl' (i386)
CONNECTED(00000003)
Process 8811 stopped

  * thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 4.1
    frame #0: 0x000ab0e3 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:103
    100 unsigned char *p;
    101 int j;
    102
    -> 103 if (s->packet_length < (unsigned int)n) {
    104 p = s->packet;
    105
    106 for (;;) {
    Target 0: (openssl) stopped.
    (lldb) next
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab0f2 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:104
    101 int j;
    102
    103 if (s->packet_length < (unsigned int)n) {
    -> 104 p = s->packet;
    105
    106 for (;;) {
    107 s->rwstate = SSL_READING;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab0fb openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:107
    104 p = s->packet;
    105
    106 for (;;) {
    -> 107 s->rwstate = SSL_READING;
    108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    109 n - s->packet_length);
    110 if (j <= 0)
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab105 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:108
    105
    106 for (;;) {
    107 s->rwstate = SSL_READING;
    -> 108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    109 n - s->packet_length);
    110 if (j <= 0)
    111 return j;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab114 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:109
    106 for (;;) {
    107 s->rwstate = SSL_READING;
    108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    -> 109 n - s->packet_length);
    110 if (j <= 0)
    111 return j;
    112 s->rwstate = SSL_NOTHING;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab11d openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:108
    105
    106 for (;;) {
    107 s->rwstate = SSL_READING;
    -> 108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    109 n - s->packet_length);
    110 if (j <= 0)
    111 return j;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab130 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:110
    107 s->rwstate = SSL_READING;
    108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    109 n - s->packet_length);
    -> 110 if (j <= 0)
    111 return j;
    112 s->rwstate = SSL_NOTHING;
    113 s->packet_length += j;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab13a openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:111
    108 j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
    109 n - s->packet_length);
    110 if (j <= 0)
    -> 111 return j;
    112 s->rwstate = SSL_NOTHING;
    113 s->packet_length += j;
    114 if (s->packet_length >= (unsigned int)n)
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000ab183 openssl`ssl23_read_bytes(s=0x01803c70, n=7) at s23_pkt.c:119
    116 }
    117 }
    118 return (n);
    -> 119 }
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aa181 openssl`ssl23_get_server_hello(s=0x01803c70) at s23_clnt.c:627
    624 int i;
    625 int n;
    626
    -> 627 n = ssl23_read_bytes(s, 7);
    628
    629 if (n != 7)
    630 return (n);
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aa184 openssl`ssl23_get_server_hello(s=0x01803c70) at s23_clnt.c:629
    626
    627 n = ssl23_read_bytes(s, 7);
    628
    -> 629 if (n != 7)
    630 return (n);
    631 p = s->packet;
    632
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aa18e openssl`ssl23_get_server_hello(s=0x01803c70) at s23_clnt.c:630
    627 n = ssl23_read_bytes(s, 7);
    628
    629 if (n != 7)
    -> 630 return (n);
    631 p = s->packet;
    632
    633 memcpy(buf, p, n);
    Target 0: (openssl) stopped.
    (lldb) print n
    (int) $4 = 0
    (lldb) next
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aa8cc openssl`ssl23_get_server_hello(s=0x01803c70) at s23_clnt.c:833
    830 return (SSL_connect(s));
    831 err:
    832 return (-1);
    -> 833 }
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a9179 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:231
    228
    229 case SSL23_ST_CR_SRVR_HELLO_A:
    230 case SSL23_ST_CR_SRVR_HELLO_B:
    -> 231 ret = ssl23_get_server_hello(s);
    232 if (ret >= 0)
    233 cb = NULL;
    234 goto end;
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a917c openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:232
    229 case SSL23_ST_CR_SRVR_HELLO_A:
    230 case SSL23_ST_CR_SRVR_HELLO_B:
    231 ret = ssl23_get_server_hello(s);
    -> 232 if (ret >= 0)
    233 cb = NULL;
    234 goto end;
    235 /* break; */
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a9186 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:233
    230 case SSL23_ST_CR_SRVR_HELLO_B:
    231 ret = ssl23_get_server_hello(s);
    232 if (ret >= 0)
    -> 233 cb = NULL;
    234 goto end;
    235 /* break; */
    236
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a918d openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:234
    231 ret = ssl23_get_server_hello(s);
    232 if (ret >= 0)
    233 cb = NULL;
    -> 234 goto end;
    235 /* break; */
    236
    237 default:
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a92a8 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:256
    253 }
    254 }
    255 end:
    -> 256 s->in_handshake--;
    257 if (buf != NULL)
    258 BUF_MEM_free(buf);
    259 if (cb != NULL)
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a92b4 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:257
    254 }
    255 end:
    256 s->in_handshake--;
    -> 257 if (buf != NULL)
    258 BUF_MEM_free(buf);
    259 if (cb != NULL)
    260 cb(s, SSL_CB_CONNECT_EXIT, ret);
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a92c9 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:259
    256 s->in_handshake--;
    257 if (buf != NULL)
    258 BUF_MEM_free(buf);
    -> 259 if (cb != NULL)
    260 cb(s, SSL_CB_CONNECT_EXIT, ret);
    261 return (ret);
    262 }
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000a92f8 openssl`ssl23_connect(s=0x01803c70) at s23_clnt.c:261
    258 BUF_MEM_free(buf);
    259 if (cb != NULL)
    260 cb(s, SSL_CB_CONNECT_EXIT, ret);
    -> 261 return (ret);
    262 }
    263
    264 static int ssl23_no_ssl2_ciphers(SSL *s)
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aaf33 openssl`ssl23_write(s=0x01803c70, buf=0x01004600, len=0) at s23_lib.c:173
    170
    171 clear_sys_error();
    172 if (SSL_in_init(s) && (!s->in_handshake)) {
    -> 173 n = s->handshake_func(s);
    174 if (n < 0)
    175 return (n);
    176 if (n == 0) {
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aaf36 openssl`ssl23_write(s=0x01803c70, buf=0x01004600, len=0) at s23_lib.c:174
    171 clear_sys_error();
    172 if (SSL_in_init(s) && (!s->in_handshake)) {
    173 n = s->handshake_func(s);
    -> 174 if (n < 0)
    175 return (n);
    176 if (n == 0) {
    177 SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aaf4b openssl`ssl23_write(s=0x01803c70, buf=0x01004600, len=0) at s23_lib.c:176
    173 n = s->handshake_func(s);
    174 if (n < 0)
    175 return (n);
    -> 176 if (n == 0) {
    177 SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
    178 return (-1);
    179 }
    Target 0: (openssl) stopped.
    (lldb)
    Process 8811 stopped
  * thread #1, queue = 'com.apple.main-thread', stop reason = step over
    frame #0: 0x000aaf72 openssl`ssl23_write(s=0x01803c70, buf=0x01004600, len=0) at s23_lib.c:177
    174 if (n < 0)
    175 return (n);
    176 if (n == 0) {
    -> 177 SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
    178 return (-1);
    179 }
    180 return (SSL_write(s, buf, len));
    Target 0: (openssl) stopped.
    (lldb)
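
The trace above reaches `n == 0` because `BIO_read()` returned 0 on the first read. As an added example (not OpenSSL code and not part of the original report), the following reader keeps end-of-stream separate from an I/O error, using a local socket pair as a constructed stand-in for the server; `read_exact`, `simulate_peer` and the enum names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical outcome codes for this example; not OpenSSL identifiers. */
enum read_outcome { READ_COMPLETE, READ_PEER_CLOSED, READ_IO_ERROR };

/* Read exactly n bytes with a loop shaped like the one in the trace, but
 * report why it stopped; *got receives the number of bytes actually read. */
static enum read_outcome read_exact(int fd, unsigned char *buf, size_t n, size_t *got)
{
    *got = 0;
    while (*got < n) {
        ssize_t j = read(fd, buf + *got, n - *got);
        if (j == 0)
            return READ_PEER_CLOSED;   /* EOF: the peer closed the socket */
        if (j < 0 && errno != EINTR)
            return READ_IO_ERROR;      /* errno holds the reason */
        if (j > 0)
            *got += (size_t)j;         /* j < 0 with EINTR: just retry */
    }
    return READ_COMPLETE;
}

/* Constructed scenario: a local socket pair stands in for client and server.
 * One end writes len bytes (possibly none) and closes; the other wants 7. */
static enum read_outcome simulate_peer(const void *msg, size_t len, size_t *got)
{
    int sv[2];
    unsigned char buf[7];
    enum read_outcome r = READ_IO_ERROR;
    *got = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return r;
    ssize_t w = len ? write(sv[1], msg, len) : 0;
    close(sv[1]);                      /* the peer goes away */
    if (w == (ssize_t)len)
        r = read_exact(sv[0], buf, sizeof(buf), got);
    close(sv[0]);
    return r;
}

int main(void)
{
    size_t got;
    int r = simulate_peer(NULL, 0, &got);   /* peer sends nothing, closes */
    printf("outcome=%d after %zu of 7 bytes\n", r, got);
    return r == READ_PEER_CLOSED ? 0 : 1;
}
```

With the outcome and byte count both available, a caller can report "peer closed the connection before sending any data" separately from a close partway through the 7 bytes or a transport error.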
mattcaswell added this to the 1.0.2 milestone on Jan 22, 2018
richsalz modified the milestones: 1.0.2, Other on May 6, 2018
t8m modified the milestones: Assessed, Post 3.0.0 on Jun 21, 2021
t8m added the "branch: master" and "triaged: feature" labels on Jun 21, 2021
t8m changed the title on Jun 21, 2021 from 'Misleading error message: If server closes connection, openssl does not say so, instead says "ssl23_write:ssl handshake failure:s23_lib.c:177:"' to 'Improve error message when the connection is terminated during handshake'

nhorman commented Jun 17, 2024

#12921
