View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003157||unreal||ircd||public||2006-12-20 21:08||2010-09-19 16:36|
|Summary||0003157: More descriptive SSL error messages (underlying syscall error, etc)|
|Description||When a connection between 2 connected servers (both rc3) with ssl + zib was lost i was seen this AND ONLY this without the junk snomask:|
-FBSD6.unrealircd.testnet- Lost connection to WinXPPro.nonSSL.unrealircd.testnet[220.127.116.11]: SSL_read(): Underlying syscall error
Server notice mask (+kcfFvGqso)
|Tags||No tags attached.|
|3rd party modules|
I got this error on my side of the netsplit
>[Dec 20 2006 21:29:10] Lost connection to FBSD6.unrealircd.testnet[18.104.22.168]: SSL_read(): Underlying socket operation returned zero
and? /me don't see bug in this case - error of OpenSSL is difficult to see ;]
-win2003.unrealircd.testnet- *** LocOps -- Received SQUIT FBSD6.unrealircd.testnet from Bock|work[22.214.171.124] (@test!)
in other side:
-FBSD6.unrealircd.testnet- Lost connection to win2003.unrealircd.testnet[126.96.36.199]: SSL_read(): Underlying socket operation returned zero
-win2003.unrealircd.testnet- Lost connection to FBSD6.unrealircd.testnet[188.8.131.52]: SSL_read(): Underlying syscall error
-FBSD6.unrealircd.testnet- Lost connection to win2003.unrealircd.testnet[184.108.40.206]: SSL_read(): Underlying syscall error
So ehm.. it gives an error? good then...
I don't understand.. what's the bug? :P
||/me don't see bug too :]|
or do you mean a better error *description* perhaps? yeah there's still room for improvement there.
basically what I fixed was that at least an error message is *shown* ;). Previously you could have seen no error at all (except with junk snomask), which was.. not good :P.
||yeah, the description to me looks fucked up|
I've changed the title to "More descriptive SSL error messages (underlying syscall error, etc)" and will add it as a child to 3.2.7.
If this was an incorrect assumption (see also previous comments), then let me know.
"More descriptive SSL error messages"
unreal-3157-ssl-errno-condense.patch (6,378 bytes)
unreal-3157-ssl-errno-condense.patch: This was originally written to get rid of code duplication between fatal_ssl_error() and ssl_error_str(). As a side-affect, calls to fatal_ssl_error() now get errno passed along. Unfortunately, it seems that even this isn't providing too much useful information:
:test.ohnopub.net NOTICE a :*** Notice -- Client connecting on port 6338: b (ohnobinki@localhost) [clients] [secure AES256-SHA]
:test.ohnopub.net NOTICE a :Exiting ssl client b[firstname.lastname@example.org]: SSL_read(): Underlying syscall error [Success]
:test.ohnopub.net NOTICE a :*** Notice -- Client exiting: b (ohnobinki@localhost) [Input/output error]
Reminds me of the ``Success'' socket error that clients quit with when not using SSL. I'm not too creative, maybe I could've simulated some more catastrophic disconnection which would display something other than ``Success''... or maybe errno is being trampled on before I store a copy of it. Oh, likely that Debug() function calls vsprintf...
unreal-3157-ssl-errno-condense-r1.patch (6,960 bytes)
||unreal-3157-ssl-errno-condense-r1.patch: This version supposedly saves errno before the Debug() call for SSL_read() and SSL_write() but I still don't get anything other than ``Success''. I guess this would potentially be more reliable... if it helps at all. I'm not sure how to generate an error other than ``success''.|
Added in .883:
- SSL errors are now more descriptive. In some cases, like server to server
links it was still showing 'Underlying syscall error', this has now been
replaced to show the actual (surprise!) underlying syscall error instead.
Reported by vonitsanet, patch from ohnobinki (0003157).
Your patched works fine. I used 'tcpkill' (dsniff package, careful with it, though) to test it and it now shows the connection reset by peer message properly.
The only edit I did was replace the error entirely with the new error, instead of 'Underlying syscall error [error here]'.
Various code already did that, with some tricks, that are probably no longer needed, but ah well...
Basically user disconnects and connect() failures were already OK, but now disconnects when the server has been linked (like some time later) shows the proper error as well.... plus some other cases I guess...
|2006-12-20 21:08||vonitsanet||New Issue|
|2006-12-20 21:11||Bricker||Note Added: 0012865|
|2006-12-21 01:22||Bock||Note Added: 0012868|
|2006-12-21 07:40||syzop||Note Added: 0012870|
|2006-12-21 07:59||Bock||Note Added: 0012872|
|2006-12-21 08:54||syzop||Note Added: 0012873|
|2006-12-21 10:25||Bricker||Note Added: 0012874|
|2006-12-21 17:54||syzop||Note Added: 0012880|
|2006-12-21 17:54||syzop||Summary||Connection Errors. => More descriptive SSL error messages (underlying syscall error, etc)|
|2006-12-21 17:54||syzop||Status||new => acknowledged|
|2006-12-21 17:54||syzop||Relationship added||child of 0003111|
|2006-12-21 19:44||vonitsanet||Note Added: 0012882|
||Relationship added||has duplicate 0003342|
|2010-08-26 05:03||ohnobinki||File Added: unreal-3157-ssl-errno-condense.patch|
|2010-08-26 05:08||ohnobinki||Note Added: 0016317|
|2010-08-26 05:15||ohnobinki||File Added: unreal-3157-ssl-errno-condense-r1.patch|
|2010-08-26 05:23||ohnobinki||Note Added: 0016318|
|2010-09-19 16:36||syzop||QA||=> Not touched yet by developer|
|2010-09-19 16:36||syzop||U4: Need for upstream patch||=> No need for upstream InspIRCd patch|
|2010-09-19 16:36||syzop||Note Added: 0016365|
|2010-09-19 16:36||syzop||Status||acknowledged => resolved|
|2010-09-19 16:36||syzop||Resolution||open => fixed|
|2010-09-19 16:36||syzop||Assigned To||=> syzop|