From e2f25558b9ec2ed70a92026870a46b5b68799ebf Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Thu, 21 Feb 2008 16:11:58 +0000
Subject: [PATCH] r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500
Change some of our log messages related to closed TLS connections in order to better reflect reality.
svn:r13657
---
 ChangeLog | 4 ++++
 src/common/tortls.c | 9 +++------
 src/common/tortls.h | 14 +++++++++-----
 src/or/connection.c | 6 ++++--
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c394661c28..25bba49dc8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -72,6 +72,10 @@ Changes in version 0.2.0.20-?? - 2008-02-??
     - Alter the code that tries to recover from unhandled write errors,
       to not try to flush onto a socket that's given us unhandled errors.
       Bugfix on 0.1.2.x.
+    - Report TLS "zero return" case as a "clean close" and "IO error"
+      as a "close". Stop calling closes "unexpected closes": existing
+      Tors don't use SSL_close(), so having a connection close without
+      the TLS shutdown handshake is hardly unexpected.
 
   o Code simplifications and refactoring:
     - Remove the tor_strpartition function: its logic was confused,
diff --git a/src/common/tortls.c b/src/common/tortls.c
index fb9b26a82a..2918ab288e 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -282,12 +282,9 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
     case SSL_ERROR_ZERO_RETURN:
       if (extra&CATCH_ZERO)
         return _TOR_TLS_ZERORETURN;
-      log(severity, LD_NET, "TLS error: Zero return");
+      log(severity, LD_NET, "TLS connection closed while %s", doing);
       tls_log_errors(tls, severity, doing);
-      /* XXXX020rc Actually, a 'zero return' error has a pretty specific
-       * meaning: the connection has been closed cleanly. -NM
-       * Great. Do something smart here then. :) -RD */
-      return TOR_TLS_ERROR_MISC;
+      return TOR_TLS_CLOSE;
     default:
       tls_log_errors(tls, severity, doing);
       return TOR_TLS_ERROR_MISC;
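Review bot: The SSL_ERROR_ZERO_RETURN case now returns TOR_TLS_CLOSE instead of TOR_TLS_ERROR_MISC for every caller that did not pass CATCH_ZERO, and with `TOR_TLS_IS_ERROR(rv)` defined as `(rv) < TOR_TLS_CLOSE` that value is no longer classified as an error; any caller of tor_tls_get_error outside this patch that checks only TOR_TLS_IS_ERROR() will therefore treat a peer's close_notify as success unless it gains an explicit TOR_TLS_CLOSE branch (those callers are not visible here, so this is inferred). The `TLS connection closed while %s` message is also logged at the caller's `severity` on a clean close, which callers using LOG_WARN presumably did not intend for a non-error path. The function's header comment, which starts above the hunk, should list the new return, e.g. `* Returns TOR_TLS_CLOSE when the peer sent close_notify (SSL_ERROR_ZERO_RETURN) and CATCH_ZERO was not requested.`. tor_tls_get_error begins and ends outside the hunk.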
@@ -858,7 +855,7 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
     return r;
   }
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG);
-  if (err == _TOR_TLS_ZERORETURN) {
+  if (err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE) {
     log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
     tls->state = TOR_TLS_ST_CLOSED;
     return TOR_TLS_CLOSE;
diff --git a/src/common/tortls.h b/src/common/tortls.h
index a93dcefaa4..52c8350fec 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -22,7 +22,7 @@ typedef struct tor_tls_t tor_tls_t;
 /* Possible return values for most tor_tls_* functions. */
 #define _MIN_TOR_TLS_ERROR_VAL -9
 #define TOR_TLS_ERROR_MISC -9
-/* Rename to unexpected close or something. XXXX */
+/* Rename to unexpected close or something. XXXX021 */
 #define TOR_TLS_ERROR_IO -8
 #define TOR_TLS_ERROR_CONNREFUSED -7
 #define TOR_TLS_ERROR_CONNRESET -6
@@ -33,16 +33,20 @@ typedef struct tor_tls_t tor_tls_t;
 #define TOR_TLS_WANTWRITE -1
 #define TOR_TLS_DONE 0
 
-/** Use this macro in a switch statement to catch _any_ TLS error. That way,
- * if more errors are added, your switches will still work. */
-#define CASE_TOR_TLS_ERROR_ANY \
+/** DOCDOC XXXX021 also rename me. */
+#define CASE_TOR_TLS_ERROR_ANY_NONIO \
   case TOR_TLS_ERROR_MISC: \
-  case TOR_TLS_ERROR_IO: \
   case TOR_TLS_ERROR_CONNREFUSED: \
   case TOR_TLS_ERROR_CONNRESET: \
   case TOR_TLS_ERROR_NO_ROUTE: \
   case TOR_TLS_ERROR_TIMEOUT
 
+/** Use this macro in a switch statement to catch _any_ TLS error. That way,
+ * if more errors are added, your switches will still work. */
+#define CASE_TOR_TLS_ERROR_ANY \
+  CASE_TOR_TLS_ERROR_ANY_NONIO: \
+  case TOR_TLS_ERROR_IO
+
 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
 
 const char *tor_tls_err_to_string(int err);
diff --git a/src/or/connection.c b/src/or/connection.c
index 2c3cbab134..891c81a0e7 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
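Review bot: The added `err == TOR_TLS_CLOSE` disjunct looks unreachable from this call site: it passes CATCH_ZERO, and in the tor_tls_get_error hunk the SSL_ERROR_ZERO_RETURN case returns _TOR_TLS_ZERORETURN before it reaches the new `return TOR_TLS_CLOSE`, so TOR_TLS_CLOSE could only come from a branch of tor_tls_get_error that this patch does not show. If it is meant as future-proofing, a one-line comment would save the next reader from hunting for the producer, e.g. `/* TOR_TLS_CLOSE is not produced for CATCH_ZERO callers today; kept so a later clean-close path is handled here too. */`; otherwise the condition can stay `if (err == _TOR_TLS_ZERORETURN) {`. tor_tls_read starts and ends outside the hunk.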
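Review bot: The comment above TOR_TLS_ERROR_IO still reads `/* Rename to unexpected close or something. XXXX021 */`, but this commit's ChangeLog entry says a close without the TLS shutdown handshake is no longer to be called an "unexpected close", and connection.c now logs TOR_TLS_ERROR_IO as "TLS connection closed", so the note contradicts the change it ships with. It should state the new meaning instead, e.g. `/* Peer closed the transport without a TLS shutdown handshake; reported as a (non-clean) close. XXXX021 rename. */`.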
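Review bot: CASE_TOR_TLS_ERROR_ANY_NONIO is introduced with only `/** DOCDOC XXXX021 also rename me. */`, so a reader of the header cannot tell why TOR_TLS_ERROR_IO is split out of the set. Suggest `/** Use this macro in a switch statement to catch every TLS error except TOR_TLS_ERROR_IO, which callers such as connection_read_to_buf handle together with TOR_TLS_CLOSE as a connection close; use CASE_TOR_TLS_ERROR_ANY when IO errors should be caught as well. */`. Note also that `TOR_TLS_IS_ERROR(rv)` on the last context line still classifies TOR_TLS_ERROR_IO as an error, so code using the predicate and code using the new macro disagree about whether an IO close is an error; if that is intended, the comment is the place to say so.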
@@ -1945,12 +1945,14 @@ connection_read_to_buf(connection_t *conn, int *max_to_read)
     switch (result) {
       case TOR_TLS_CLOSE:
-        log_info(LD_NET,"TLS connection closed on read. Closing. "
+      case TOR_TLS_ERROR_IO:
+        log_info(LD_NET,"TLS connection closed %son read. Closing. "
                  "(Nickname %s, address %s",
+                 result == TOR_TLS_CLOSE ? "cleanly " : "",
                  or_conn->nickname ? or_conn->nickname : "not set",
                  conn->address);
         return result;
-      CASE_TOR_TLS_ERROR_ANY:
+      CASE_TOR_TLS_ERROR_ANY_NONIO:
         log_info(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
                  tor_tls_err_to_string(result),
                  or_conn->nickname ? or_conn->nickname : "not set",