This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 4d0dbbe Document error handling for OpenSSL
4d0dbbe is described below
commit 4d0dbbe04090393749ff9121a559ba95a565c932
Author: remm <[email protected]>
AuthorDate: Tue Mar 9 15:17:25 2021 +0100
Document error handling for OpenSSL
Also log all errors on the stack as debug.
---
.../tomcat/util/net/openssl/OpenSSLEngine.java | 40 +++++++++++++++-------
1 file changed, 28 insertions(+), 12 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 4700c2a..f17ca3a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -940,34 +940,50 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
private void checkLastError() throws SSLException {
- long error = SSL.getLastErrorNumber();
- if (error != SSL.SSL_ERROR_NONE) {
- String err = SSL.getErrorString(error);
- if (logger.isDebugEnabled()) {
- logger.debug(sm.getString("engine.openSSLError",
Long.toString(error), err));
- }
+ String sslError = getLastError();
+ if (sslError != null) {
// Many errors can occur during handshake and need to be reported
if (!handshakeFinished) {
sendHandshakeError = true;
} else {
- throw new SSLException(err);
+ throw new SSLException(sslError);
}
}
}
- /*
+ /**
+ * Clear out any errors, but log a warning.
+ */
+ private static void clearLastError() {
+ getLastError();
+ }
+
+ /**
* Many calls to SSL methods do not check the last error. Those that do
* check the last error need to ensure that any previously ignored error is
* cleared prior to the method call else errors may be falsely reported.
+ * @return the first error in the stack
+ *
+ * TODO: Improve error handling. Ideally, before any SSL_read, SSL_write,
+ * clearLastError should always be called, and getLastError should be
called
+ * after on any negative result.
*
- * TODO: Check last error after every call to an SSL method and respond
- * appropriately.
*/
- private static void clearLastError() {
- while (SSL.getLastErrorNumber() != SSL.SSL_ERROR_NONE) {
+ private static String getLastError() {
+ String sslError = null;
+ long error;
+ while ((error = SSL.getLastErrorNumber()) != SSL.SSL_ERROR_NONE) {
// Loop until getLastErrorNumber() returns SSL_ERROR_NONE
+ String err = SSL.getErrorString(error);
+ if (sslError == null) {
+ sslError = err;
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug(sm.getString("engine.openSSLError",
Long.toString(error), err));
+ }
}
+ return sslError;
}
private SSLEngineResult.Status getEngineStatus() {
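Review bot: The new Javadoc on `clearLastError()` says it will "log a warning", but the `getLastError()` it delegates to only calls `logger.debug(...)` behind `isDebugEnabled()`, so with debug logging off the drained OpenSSL errors are discarded without any trace. Either reword the comment, for example `Clear out any errors; each one is logged at debug level only.`, or raise the log level if a warning is really intended. In the `getLastError()` Javadoc the `@return` tag sits before the TODO paragraph, so the TODO text is rendered as part of the return description; move `@return the first error in the stack` to the end of the comment. It would also help to state there that the method drains the whole error queue, and that `checkLastError()` puts only the first message into the `SSLException` while the remaining entries appear only in the debug log.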