nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ticket32622_044_squashed' into maint-0.4.4

Browse Source
This commit is contained in:
Nick Mathewson 2020-07-02 10:14:55 -04:00
commit 18fa53fdf4
9 changed files with 62 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
changes/ticket32622 Normal file
View File

@ -0,0 +1,5 @@
o Minor features (bootstrap reporting):
- Report more detailed reasons for bootstrap failure when the failure
happens due to a TLS error. Previously we would just call these errors
"MISC" when they happened during read, and "DONE" when they
happened during any other TLS operation. Closes ticket 32622.

1
src/core/mainloop/connection.c
View File

@ -4205,6 +4205,7 @@ connection_handle_write_impl(connection_t *conn, int force)
switch (result) { switch (result) {
CASE_TOR_TLS_ERROR_ANY: CASE_TOR_TLS_ERROR_ANY:
case TOR_TLS_CLOSE: case TOR_TLS_CLOSE:
or_conn->tls_error = result;
log_info(LD_NET, result != TOR_TLS_CLOSE ? log_info(LD_NET, result != TOR_TLS_CLOSE ?
"tls error. breaking.":"TLS connection closed on flush"); "tls error. breaking.":"TLS connection closed on flush");
/* Don't flush; connection is dead. */ /* Don't flush; connection is dead. */

18
src/core/or/connection_or.c
View File

@ -745,10 +745,16 @@ connection_or_about_to_close(or_connection_t *or_conn)
int reason = tls_error_to_orconn_end_reason(or_conn->tls_error); int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
connection_or_event_status(or_conn, OR_CONN_EVENT_FAILED, connection_or_event_status(or_conn, OR_CONN_EVENT_FAILED,
reason); reason);
if (!authdir_mode_tests_reachability(options)) if (!authdir_mode_tests_reachability(options)) {
control_event_bootstrap_prob_or( const char *warning = NULL;
orconn_end_reason_to_control_string(reason), if (reason == END_OR_CONN_REASON_TLS_ERROR && or_conn->tls) {
reason, or_conn); warning = tor_tls_get_last_error_msg(or_conn->tls);
}
if (warning == NULL) {
warning = orconn_end_reason_to_control_string(reason);
}
control_event_bootstrap_prob_or(warning, reason, or_conn);
}
} }
} }
} else if (conn->hold_open_until_flushed) { } else if (conn->hold_open_until_flushed) {
@ -1692,7 +1698,8 @@ connection_tls_continue_handshake(or_connection_t *conn)
switch (result) { switch (result) {
CASE_TOR_TLS_ERROR_ANY: CASE_TOR_TLS_ERROR_ANY:
log_info(LD_OR,"tls error [%s]. breaking connection.", conn->tls_error = result;
log_info(LD_OR,"tls error [%s]. breaking connection.",
tor_tls_err_to_string(result)); tor_tls_err_to_string(result));
return -1; return -1;
case TOR_TLS_DONE: case TOR_TLS_DONE:
@ -1724,6 +1731,7 @@ connection_tls_continue_handshake(or_connection_t *conn)
log_debug(LD_OR,"wanted read"); log_debug(LD_OR,"wanted read");
return 0; return 0;
case TOR_TLS_CLOSE: case TOR_TLS_CLOSE:
conn->tls_error = result;
log_info(LD_OR,"tls closed. breaking connection."); log_info(LD_OR,"tls closed. breaking connection.");
return -1; return -1;
} }

3
src/core/or/or.h
View File

@ -220,7 +220,8 @@ struct curve25519_public_key_t;
#define END_OR_CONN_REASON_IO_ERROR 7 /* read/write error */ #define END_OR_CONN_REASON_IO_ERROR 7 /* read/write error */
#define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */ #define END_OR_CONN_REASON_RESOURCE_LIMIT 8 /* sockets, buffers, etc */
#define END_OR_CONN_REASON_PT_MISSING 9 /* PT failed or not available */ #define END_OR_CONN_REASON_PT_MISSING 9 /* PT failed or not available */
#define END_OR_CONN_REASON_MISC 10 #define END_OR_CONN_REASON_TLS_ERROR 10 /* Problem in TLS protocol */
#define END_OR_CONN_REASON_MISC 11
/* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for /* Reasons why we (or a remote OR) might close a stream. See tor-spec.txt for
* documentation of these. The values must match. */ * documentation of these. The values must match. */

4
src/core/or/reasons.c
View File

@ -244,6 +244,8 @@ orconn_end_reason_to_control_string(int r)
return "IOERROR"; return "IOERROR";
case END_OR_CONN_REASON_RESOURCE_LIMIT: case END_OR_CONN_REASON_RESOURCE_LIMIT:
return "RESOURCELIMIT"; return "RESOURCELIMIT";
case END_OR_CONN_REASON_TLS_ERROR:
return "TLS_ERROR";
case END_OR_CONN_REASON_MISC: case END_OR_CONN_REASON_MISC:
return "MISC"; return "MISC";
case END_OR_CONN_REASON_PT_MISSING: case END_OR_CONN_REASON_PT_MISSING:
@ -276,6 +278,8 @@ tls_error_to_orconn_end_reason(int e)
case TOR_TLS_CLOSE: case TOR_TLS_CLOSE:
case TOR_TLS_DONE: case TOR_TLS_DONE:
return END_OR_CONN_REASON_DONE; return END_OR_CONN_REASON_DONE;
case TOR_TLS_ERROR_MISC:
return END_OR_CONN_REASON_TLS_ERROR;
default: default:
return END_OR_CONN_REASON_MISC; return END_OR_CONN_REASON_MISC;
} }

1
src/lib/tls/tortls.h
View File

@ -81,6 +81,7 @@ void tor_tls_free_all(void);
void tor_tls_init(void); void tor_tls_init(void);
void tls_log_errors(tor_tls_t *tls, int severity, int domain, void tls_log_errors(tor_tls_t *tls, int severity, int domain,
const char *doing); const char *doing);
const char *tor_tls_get_last_error_msg(const tor_tls_t *tls);
int tor_tls_context_init(unsigned flags, int tor_tls_context_init(unsigned flags,
crypto_pk_t *client_identity, crypto_pk_t *client_identity,
crypto_pk_t *server_identity, crypto_pk_t *server_identity,

13
src/lib/tls/tortls_nss.c
View File

@ -369,6 +369,8 @@ tls_log_errors(tor_tls_t *tls, int severity, int domain,
(void)tls; (void)tls;
PRErrorCode code = PORT_GetError(); PRErrorCode code = PORT_GetError();
if (tls)
tls->last_error = code;
const char *addr = tls ? tls->address : NULL; const char *addr = tls ? tls->address : NULL;
const char *string = PORT_ErrorToString(code); const char *string = PORT_ErrorToString(code);
@ -391,6 +393,17 @@ tls_log_errors(tor_tls_t *tls, int severity, int domain,
with, addr); with, addr);
} }
} }
const char *
tor_tls_get_last_error_msg(const tor_tls_t *tls)
{
IF_BUG_ONCE(!tls) {
return NULL;
}
if (tls->last_error == 0) {
return NULL;
}
return PORT_ErrorToString((PRErrorCode)tls->last_error);
}
tor_tls_t * tor_tls_t *
tor_tls_new(tor_socket_t sock, int is_server) tor_tls_new(tor_socket_t sock, int is_server)

20
src/lib/tls/tortls_openssl.c
View File

@ -245,10 +245,30 @@ tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
unsigned long err; unsigned long err;
while ((err = ERR_get_error()) != 0) { while ((err = ERR_get_error()) != 0) {
if (tls)
tls->last_error = err;
tor_tls_log_one_error(tls, err, severity, domain, doing); tor_tls_log_one_error(tls, err, severity, domain, doing);
} }
} }
/**
* Return a string representing more detail about the last error received
* on TLS.
*
* May return null if no error was found.
**/
const char *
tor_tls_get_last_error_msg(const tor_tls_t *tls)
{
IF_BUG_ONCE(!tls) {
return NULL;
}
if (tls->last_error == 0) {
return NULL;
}
return (const char*)ERR_reason_error_string(tls->last_error);
}
#define CATCH_SYSCALL 1 #define CATCH_SYSCALL 1
#define CATCH_ZERO 2 #define CATCH_ZERO 2

3
src/lib/tls/tortls_st.h
View File

@ -67,6 +67,8 @@ struct tor_tls_t {
*/ */
unsigned long last_write_count; unsigned long last_write_count;
unsigned long last_read_count; unsigned long last_read_count;
/** Most recent error value from ERR_get_error(). */
unsigned long last_error;
/** If set, a callback to invoke whenever the client tries to renegotiate /** If set, a callback to invoke whenever the client tries to renegotiate
* the handshake. */ * the handshake. */
void (*negotiated_callback)(tor_tls_t *tls, void *arg); void (*negotiated_callback)(tor_tls_t *tls, void *arg);
@ -77,6 +79,7 @@ struct tor_tls_t {
/** Last values retried from tor_get_prfiledesc_byte_counts(). */ /** Last values retried from tor_get_prfiledesc_byte_counts(). */
uint64_t last_write_count; uint64_t last_write_count;
uint64_t last_read_count; uint64_t last_read_count;
long last_error;
#endif #endif
}; };