View Issue Details

IDProjectCategoryView StatusLast Update
0003157unrealircdpublic2010-09-19 16:36
Reportervonitsanet Assigned Tosyzop  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
OS-OS Version- 
Product Version3.2.6 
Summary0003157: More descriptive SSL error messages (underlying syscall error, etc)
DescriptionWhen a connection between 2 connected servers (both rc3) with ssl + zib was lost i was seen this AND ONLY this without the junk snomask:

-FBSD6.unrealircd.testnet- Lost connection to WinXPPro.nonSSL.unrealircd.testnet[75.75.21.39]: SSL_read(): Underlying syscall error


vonitsanet +iowghaAsxNzG
Server notice mask (+kcfFvGqso)
TagsNo tags attached.
3rd party modules

Relationships

has duplicate 0003342 closedstskeeps Better descriptions for SSL 
child of 0003111 closed 3.2.7 Release 

Activities

Bricker

2006-12-20 21:11

reporter   ~0012865

I got this error on my side of the netsplit

>[Dec 20 2006 21:29:10] Lost connection to FBSD6.unrealircd.testnet[72.20.15.245]: SSL_read(): Underlying socket operation returned zero

Bock

2006-12-21 01:22

reporter   ~0012868

and? /me don't see bug in this case - error of OpenSSL is difficult to see ;]

I see:
 -win2003.unrealircd.testnet- *** LocOps -- Received SQUIT FBSD6.unrealircd.testnet from Bock|work[193.232.250.240] (@test!)

in other side:
 -FBSD6.unrealircd.testnet- Lost connection to win2003.unrealircd.testnet[195.222.64.143]: SSL_read(): Underlying socket operation returned zero

tcp-kill:
-win2003.unrealircd.testnet- Lost connection to FBSD6.unrealircd.testnet[72.20.15.245]: SSL_read(): Underlying syscall error
 -FBSD6.unrealircd.testnet- Lost connection to win2003.unrealircd.testnet[195.222.64.143]: SSL_read(): Underlying syscall error

syzop

2006-12-21 07:40

administrator   ~0012870

So ehm.. it gives an error? good then...

I don't understand.. what's the bug? :P

Bock

2006-12-21 07:59

reporter   ~0012872

/me don't see bug too :]

syzop

2006-12-21 08:54

administrator   ~0012873

or do you mean a better error *description* perhaps? yeah there's still room for improvement there.

basically what I fixed was that at least an error message is *shown* ;). Previously you could have seen no error at all (except with junk snomask), which was.. not good :P.

Bricker

2006-12-21 10:25

reporter   ~0012874

yeah, the description to me looks fucked up

syzop

2006-12-21 17:54

administrator   ~0012880

I've changed the title to "More descriptive SSL error messages (underlying syscall error, etc)" and will add it as a child to 3.2.7.

If this was an incorrect assumption (see also previous comments), then let me know.

Thanks.

vonitsanet

2006-12-21 19:44

reporter   ~0012882

"More descriptive SSL error messages"
Yep ;)

2010-08-26 05:03

 

ohnobinki

2010-08-26 05:08

reporter   ~0016317

unreal-3157-ssl-errno-condense.patch: This was originally written to get rid of code duplication between fatal_ssl_error() and ssl_error_str(). As a side-affect, calls to fatal_ssl_error() now get errno passed along. Unfortunately, it seems that even this isn't providing too much useful information:

:test.ohnopub.net NOTICE a :*** Notice -- Client connecting on port 6338: b (ohnobinki@localhost) [clients] [secure AES256-SHA]
:test.ohnopub.net NOTICE a :Exiting ssl client b[ohnobinki@127.0.0.1.36116]: SSL_read(): Underlying syscall error [Success]
:test.ohnopub.net NOTICE a :*** Notice -- Client exiting: b (ohnobinki@localhost) [Input/output error]

Reminds me of the ``Success'' socket error that clients quit with when not using SSL. I'm not too creative, maybe I could've simulated some more catastrophic disconnection which would display something other than ``Success''... or maybe errno is being trampled on before I store a copy of it. Oh, likely that Debug() function calls vsprintf...

2010-08-26 05:15

 

ohnobinki

2010-08-26 05:23

reporter   ~0016318

unreal-3157-ssl-errno-condense-r1.patch: This version supposedly saves errno before the Debug() call for SSL_read() and SSL_write() but I still don't get anything other than ``Success''. I guess this would potentially be more reliable... if it helps at all. I'm not sure how to generate an error other than ``success''.

syzop

2010-09-19 16:36

administrator   ~0016365

Added in .883:
- SSL errors are now more descriptive. In some cases, like server to server
  links it was still showing 'Underlying syscall error', this has now been
  replaced to show the actual (surprise!) underlying syscall error instead.
  Reported by vonitsanet, patch from ohnobinki (0003157).

Your patched works fine. I used 'tcpkill' (dsniff package, careful with it, though) to test it and it now shows the connection reset by peer message properly.
The only edit I did was replace the error entirely with the new error, instead of 'Underlying syscall error [error here]'.
Various code already did that, with some tricks, that are probably no longer needed, but ah well...
Basically user disconnects and connect() failures were already OK, but now disconnects when the server has been linked (like some time later) shows the proper error as well.... plus some other cases I guess...

Issue History

Date Modified Username Field Change
2006-12-20 21:08 vonitsanet New Issue
2006-12-20 21:11 Bricker Note Added: 0012865
2006-12-21 01:22 Bock Note Added: 0012868
2006-12-21 07:40 syzop Note Added: 0012870
2006-12-21 07:59 Bock Note Added: 0012872
2006-12-21 08:54 syzop Note Added: 0012873
2006-12-21 10:25 Bricker Note Added: 0012874
2006-12-21 17:54 syzop Note Added: 0012880
2006-12-21 17:54 syzop Summary Connection Errors. => More descriptive SSL error messages (underlying syscall error, etc)
2006-12-21 17:54 syzop Status new => acknowledged
2006-12-21 17:54 syzop Relationship added child of 0003111
2006-12-21 19:44 vonitsanet Note Added: 0012882
2007-05-17 03:22 stskeeps Relationship added has duplicate 0003342
2010-08-26 05:03 ohnobinki File Added: unreal-3157-ssl-errno-condense.patch
2010-08-26 05:08 ohnobinki Note Added: 0016317
2010-08-26 05:15 ohnobinki File Added: unreal-3157-ssl-errno-condense-r1.patch
2010-08-26 05:23 ohnobinki Note Added: 0016318
2010-09-19 16:36 syzop QA => Not touched yet by developer
2010-09-19 16:36 syzop U4: Need for upstream patch => No need for upstream InspIRCd patch
2010-09-19 16:36 syzop Note Added: 0016365
2010-09-19 16:36 syzop Status acknowledged => resolved
2010-09-19 16:36 syzop Resolution open => fixed
2010-09-19 16:36 syzop Assigned To => syzop