Mercurial > irccd

changeset 1041:89478faef566

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
irccd: improve bad SSL port detection
author David Demelier <markand@malikania.fr>
date Thu, 17 Jun 2021 13:33:01 +0200
parents c857bc879669
children 76fecad14b00
files lib/irccd/conn.c
diffstat 1 files changed, 21 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/lib/irccd/conn.c	Thu Jun 17 09:57:42 2021 +0200
+++ b/lib/irccd/conn.c	Thu Jun 17 13:33:01 2021 +0200
@@ -25,6 +25,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#include <openssl/err.h>
+
 #include "conn.h"
 #include "log.h"
 #include "server.h"
@@ -121,7 +123,10 @@
 static inline int
 update_ssl_state(struct irc_conn *conn, int ret)
 {
-	switch (SSL_get_error(conn->ssl, ret)) {
+	char error[1024];
+	int num;
+
+	switch ((num = SSL_get_error(conn->ssl, ret))) {
 	case SSL_ERROR_WANT_READ:
 		irc_log_debug("server %s: step %d now needs read condition",
 		    conn->sv->name, conn->ssl_step);
@@ -133,6 +138,8 @@
 		conn->ssl_cond = IRC_CONN_SSL_ACT_WRITE;
 		break;
 	case SSL_ERROR_SSL:
+		irc_log_warn("server %s: SSL error: %s", conn->sv->name,
+		    ERR_error_string(num, error));
 		return irc_conn_disconnect(conn), -1;
 	default:
 		break;
@@ -267,7 +274,19 @@
 			SSL_set_connect_state(conn->ssl);
 		}
 
-		if ((r = SSL_do_handshake(conn->ssl)) <= 0)
+		/*
+		 * From SSL_do_handshake manual page:
+		 *  < 0 -> fatal error
+		 * == 0 -> incomplete handshake
+		 * == 1 -> success
+		 */
+		if ((r = SSL_do_handshake(conn->ssl)) < 0) {
+			irc_log_warn("server %s: handshake failed (is the port SSL?)", conn->sv->name);
+			irc_conn_disconnect(conn);
+			return -1;
+		}
+
+		if (r == 0)
 			return update_ssl_state(conn, r);
 
 		conn->state = IRC_CONN_STATE_READY;