# HG changeset patch
# User David Demelier
# Date 1623929581 -7200
# Node ID 89478faef566283299c2fa7d06d2509bcc377c55
# Parent c857bc87966978b16e00e0ca5c18f3f63c213f7b
irccd: improve bad SSL port detection
diff -r c857bc879669 -r 89478faef566 lib/irccd/conn.c
--- a/lib/irccd/conn.c Thu Jun 17 09:57:42 2021 +0200
+++ b/lib/irccd/conn.c Thu Jun 17 13:33:01 2021 +0200
@@ -25,6 +25,8 @@
 #include
 #include
+#include
+
 #include "conn.h"
 #include "log.h"
 #include "server.h"
@@ -121,7 +123,10 @@
 static inline int update_ssl_state(struct irc_conn *conn, int ret)
 {
- switch (SSL_get_error(conn->ssl, ret)) {
+ char error[1024];
+ int num;
+
+ switch ((num = SSL_get_error(conn->ssl, ret))) {
 case SSL_ERROR_WANT_READ:
 irc_log_debug("server %s: step %d now needs read condition", conn->sv->name, conn->ssl_step);
@@ -133,6 +138,8 @@
 conn->ssl_cond = IRC_CONN_SSL_ACT_WRITE;
 break;
 case SSL_ERROR_SSL:
+ irc_log_warn("server %s: SSL error: %s", conn->sv->name,
+ ERR_error_string(num, error));
 return irc_conn_disconnect(conn), -1;
 default:
 break;
@@ -267,7 +274,19 @@
 SSL_set_connect_state(conn->ssl);
 }
- if ((r = SSL_do_handshake(conn->ssl)) <= 0)
+ /*
+ * From SSL_do_handshake manual page:
+ * < 0 -> fatal error
+ * == 0 -> incomplete handshake
+ * == 1 -> success
+ */
+ if ((r = SSL_do_handshake(conn->ssl)) < 0) {
+ irc_log_warn("server %s: handshake failed (is the port SSL?)", conn->sv->name);
+ irc_conn_disconnect(conn);
+ return -1;
+ }
+
+ if (r == 0)
 return update_ssl_state(conn, r);
 conn->state = IRC_CONN_STATE_READY;
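Review bot: `ERR_error_string(num, error)` in the `SSL_ERROR_SSL` branch of update_ssl_state() is given the return value of `SSL_get_error()`, which is an `SSL_ERROR_*` class code rather than an entry from the OpenSSL error queue, so the logged text will not describe the actual TLS failure. The warning should read the queue instead, for example `ERR_error_string_n(ERR_get_error(), error, sizeof (error))`, which also ties the write to the size of the `error[1024]` buffer declared in the previous hunk and makes `num` unnecessary. Draining the queue matters beyond the log line, because OpenSSL documents that `SSL_get_error()` is only reliable when the thread's error queue was empty before the I/O call. The rest of the switch lies outside these two hunks, so whether other branches need the same treatment cannot be judged from here.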
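Review bot: The new `r < 0` branch treats every negative return from `SSL_do_handshake()` as fatal, but the manual page also documents a negative return when a non-blocking BIO only needs more I/O, reported by `SSL_get_error()` as `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE`. update_ssl_state() already handles exactly those two codes, which suggests the socket is non-blocking; if so, an ordinary in-progress handshake would now be disconnected with the "is the port SSL?" warning. Keeping `if ((r = SSL_do_handshake(conn->ssl)) <= 0) return update_ssl_state(conn, r);` and emitting the port hint from the `SSL_ERROR_SSL` case (and probably `SSL_ERROR_SYSCALL`, which currently falls into `default`) would preserve the retry path. The added comment should be corrected as well, since the manual describes a return of 0 as a controlled shutdown of the handshake and not as an incomplete one. The enclosing function starts and ends outside this hunk.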