mirror of https://github.com/asterisk/asterisk
Most SSL/TLS error messages coming from pjproject now have either the peer address:port or peer hostname, depending on what was available at the time and code location where the error was generated. ASTERISK-28444 Reported by: Bernhard Schmidt Change-Id: I41770e8a1ea5e96f6e16b236692c4269ce1ba91e16.5
George Joseph
6 years ago
parent
694097ee68
commit
2db5173b88
@ -0,0 +1,157 @@
|
||||
From 85b28c475b5dfd3b01dafffd1d0b3dbb6f087829 Mon Sep 17 00:00:00 2001
|
||||
From: George Joseph <gjoseph@digium.com>
|
||||
Date: Thu, 27 Jun 2019 11:19:47 -0600
|
||||
Subject: [PATCH] ssl_sock_ossl/sip_transport_tls: Add peer to error messages
|
||||
|
||||
Added peer address:port to error messages in ssl_sock_ossl.
|
||||
Added peer hostname to error messages in sip_transport_tls.
|
||||
---
|
||||
pjlib/src/pj/ssl_sock_ossl.c | 22 +++++++++++++---------
|
||||
pjsip/src/pjsip/sip_transport_tls.c | 17 +++++++++--------
|
||||
2 files changed, 22 insertions(+), 17 deletions(-)
|
||||
|
||||
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
|
||||
index b4ac5c15f..42db8fdbe 100644
|
||||
--- a/pjlib/src/pj/ssl_sock_ossl.c
|
||||
+++ b/pjlib/src/pj/ssl_sock_ossl.c
|
||||
@@ -210,15 +210,19 @@ static char *SSLErrorString (int err)
|
||||
}
|
||||
}
|
||||
|
||||
-#define ERROR_LOG(msg, err) \
|
||||
- PJ_LOG(2,("SSL", "%s (%s): Level: %d err: <%lu> <%s-%s-%s> len: %d", \
|
||||
+#define ERROR_LOG(msg, err, ssock) \
|
||||
+{ \
|
||||
+ char buf[PJ_INET6_ADDRSTRLEN+10]; \
|
||||
+ PJ_LOG(2,("SSL", "%s (%s): Level: %d err: <%lu> <%s-%s-%s> len: %d peer: %s", \
|
||||
msg, action, level, err, \
|
||||
(ERR_lib_error_string(err)? ERR_lib_error_string(err): "???"), \
|
||||
(ERR_func_error_string(err)? ERR_func_error_string(err):"???"),\
|
||||
(ERR_reason_error_string(err)? \
|
||||
- ERR_reason_error_string(err): "???"), len));
|
||||
+ ERR_reason_error_string(err): "???"), len, \
|
||||
+ pj_sockaddr_print(&ssock->rem_addr, buf, sizeof(buf), 3))); \
|
||||
+}
|
||||
|
||||
-static void SSLLogErrors(char * action, int ret, int ssl_err, int len)
|
||||
+static void SSLLogErrors(char * action, int ret, int ssl_err, int len, pj_ssl_sock_t *ssock)
|
||||
{
|
||||
char *ssl_err_str = SSLErrorString(ssl_err);
|
||||
|
||||
@@ -233,7 +237,7 @@ static void SSLLogErrors(char * action, int ret, int ssl_err, int len)
|
||||
if (err2) {
|
||||
int level = 0;
|
||||
while (err2) {
|
||||
- ERROR_LOG("SSL_ERROR_SYSCALL", err2);
|
||||
+ ERROR_LOG("SSL_ERROR_SYSCALL", err2, ssock);
|
||||
level++;
|
||||
err2 = ERR_get_error();
|
||||
}
|
||||
@@ -264,7 +268,7 @@ static void SSLLogErrors(char * action, int ret, int ssl_err, int len)
|
||||
int level = 0;
|
||||
|
||||
while (err2) {
|
||||
- ERROR_LOG("SSL_ERROR_SSL", err2);
|
||||
+ ERROR_LOG("SSL_ERROR_SSL", err2, ssock);
|
||||
level++;
|
||||
err2 = ERR_get_error();
|
||||
}
|
||||
@@ -302,13 +306,13 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,
|
||||
int level = 0;
|
||||
int len = 0; //dummy
|
||||
|
||||
- ERROR_LOG("STATUS_FROM_SSL_ERR", err);
|
||||
+ ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
|
||||
level++;
|
||||
|
||||
/* General SSL error, dig more from OpenSSL error queue */
|
||||
if (err == SSL_ERROR_SSL) {
|
||||
err = ERR_get_error();
|
||||
- ERROR_LOG("STATUS_FROM_SSL_ERR", err);
|
||||
+ ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
|
||||
}
|
||||
|
||||
ssock->last_err = err;
|
||||
@@ -326,7 +330,7 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,
|
||||
}
|
||||
|
||||
/* Dig for more from OpenSSL error queue */
|
||||
- SSLLogErrors(action, ret, err, len);
|
||||
+ SSLLogErrors(action, ret, err, len, ssock);
|
||||
|
||||
ssock->last_err = ssl_err;
|
||||
return GET_STATUS_FROM_SSL_ERR(ssl_err);
|
||||
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
|
||||
index 38349aa7a..d40bc7ea3 100644
|
||||
--- a/pjsip/src/pjsip/sip_transport_tls.c
|
||||
+++ b/pjsip/src/pjsip/sip_transport_tls.c
|
||||
@@ -173,9 +173,10 @@ static void wipe_buf(pj_str_t *buf);
|
||||
|
||||
|
||||
static void tls_perror(const char *sender, const char *title,
|
||||
- pj_status_t status)
|
||||
+ pj_status_t status, pj_str_t *remote_name)
|
||||
{
|
||||
- PJ_PERROR(3,(sender, status, "%s: [code=%d]", title, status));
|
||||
+ PJ_PERROR(3,(sender, status, "%s: [code=%d]%s%.*s", title, status,
|
||||
+ remote_name ? " peer: " : "", remote_name ? remote_name->slen : 0, remote_name ? remote_name->ptr : ""));
|
||||
}
|
||||
|
||||
|
||||
@@ -730,7 +731,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_restart(pjsip_tpfactory *factory,
|
||||
status = pjsip_tls_transport_lis_start(factory, local, a_name);
|
||||
if (status != PJ_SUCCESS) {
|
||||
tls_perror(listener->factory.obj_name,
|
||||
- "Unable to start listener after closing it", status);
|
||||
+ "Unable to start listener after closing it", status, NULL);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -739,7 +740,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_restart(pjsip_tpfactory *factory,
|
||||
&listener->factory);
|
||||
if (status != PJ_SUCCESS) {
|
||||
tls_perror(listener->factory.obj_name,
|
||||
- "Unable to register the transport listener", status);
|
||||
+ "Unable to register the transport listener", status, NULL);
|
||||
|
||||
listener->is_registered = PJ_FALSE;
|
||||
} else {
|
||||
@@ -1085,7 +1086,7 @@ static pj_status_t tls_start_read(struct tls_transport *tls)
|
||||
PJSIP_POOL_RDATA_LEN,
|
||||
PJSIP_POOL_RDATA_INC);
|
||||
if (!pool) {
|
||||
- tls_perror(tls->base.obj_name, "Unable to create pool", PJ_ENOMEM);
|
||||
+ tls_perror(tls->base.obj_name, "Unable to create pool", PJ_ENOMEM, NULL);
|
||||
return PJ_ENOMEM;
|
||||
}
|
||||
|
||||
@@ -1772,7 +1773,7 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
|
||||
/* Check connect() status */
|
||||
if (status != PJ_SUCCESS) {
|
||||
|
||||
- tls_perror(tls->base.obj_name, "TLS connect() error", status);
|
||||
+ tls_perror(tls->base.obj_name, "TLS connect() error", status, &tls->remote_name);
|
||||
|
||||
/* Cancel all delayed transmits */
|
||||
while (!pj_list_empty(&tls->delayed_list)) {
|
||||
@@ -1916,7 +1917,7 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
|
||||
pjsip_transport_dec_ref(&tls->base);
|
||||
if (is_shutdown) {
|
||||
status = tls->close_reason;
|
||||
- tls_perror(tls->base.obj_name, "TLS connect() error", status);
|
||||
+ tls_perror(tls->base.obj_name, "TLS connect() error", status, &tls->remote_name);
|
||||
|
||||
/* Cancel all delayed transmits */
|
||||
while (!pj_list_empty(&tls->delayed_list)) {
|
||||
@@ -2015,7 +2016,7 @@ static void tls_keep_alive_timer(pj_timer_heap_t *th, pj_timer_entry *e)
|
||||
|
||||
if (status != PJ_SUCCESS && status != PJ_EPENDING) {
|
||||
tls_perror(tls->base.obj_name,
|
||||
- "Error sending keep-alive packet", status);
|
||||
+ "Error sending keep-alive packet", status, &tls->remote_name);
|
||||
|
||||
tls_init_shutdown(tls, status);
|
||||
return;
|
||||
--
|
||||
2.21.0
|
||||
|
||||
Loading…
Reference in new issue