summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile5
-rw-r--r--openssl.c7
-rw-r--r--openssl.h2
-rw-r--r--proxy.c4
-rw-r--r--server.c4
5 files changed, 16 insertions, 6 deletions
diff --git a/Makefile b/Makefile
index 52d6a19..1071bf2 100644
--- a/Makefile
+++ b/Makefile
@@ -26,11 +26,12 @@ scan_ldapsearchfilterstring.o free_ldapsearchresultentry.o \
fmt_ldapsearchfilterstring.o ldap_match_sre.o \
fmt_ldapdeleterequest.o scan_ldapdeleterequest.o normalize_dn.o
-CC=gcc
+CC?=gcc
CFLAGS=-g -pipe -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
#CC=clang
#CFLAGS=-g -pipe -fsanitize=address -O1 -fno-omit-frame-pointer -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
-LIBS+=-lowfat -lssl -lcrypto
+
+LIBS+=-g -lowfat -lssl -lcrypto
%.o: %.c
$(CC) $(CFLAGS) -c $<
diff --git a/openssl.c b/openssl.c
index c8e4142..47acd83 100644
--- a/openssl.c
+++ b/openssl.c
@@ -93,9 +93,14 @@ BOOL ssl_connectServer(epoll_server_t *server)
server->sslConnected = TRUE;
return TRUE;
}
- if (ret < 0) {
+ if (ret <= 0) {
int err = SSL_get_error(server->ssl, ret);
if (SSL_BLOCKED(err)) return TRUE;
+ if (err == SSL_ERROR_SSL) {
+ ssl_printErrors(NULL);
+ } else {
+ printf("SSL Unknown error %d\n", err);
+ }
}
return FALSE;
}
diff --git a/openssl.h b/openssl.h
index a37c58e..bde6ef4 100644
--- a/openssl.h
+++ b/openssl.h
@@ -5,7 +5,7 @@
#include <openssl/ssl.h>
#include <openssl/err.h>
-#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP)
+#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP || (err) == SSL_ERROR_WANT_CONNECT || (err) == SSL_ERROR_WANT_ACCEPT)
void ssl_printErrors(char *bailMsg);
diff --git a/proxy.c b/proxy.c
index 22fbdbf..5bfbac7 100644
--- a/proxy.c
+++ b/proxy.c
@@ -176,7 +176,9 @@ BOOL proxy_fromServer(epoll_server_t *server, const size_t maxLen)
unsigned long messageId, op;
size_t len;
const size_t res = scan_ldapmessage(server->readBuffer, server->readBuffer + maxLen, &messageId, &op, &len);
- if (res == 0) return FALSE;
+ if (res == 0) {
+ return FALSE;
+ }
printf("[AD] scan_ldapmessage: Consumed %d, remaining length %d, id %lu, op %lu\n", (int)res, (int)len, messageId, op);
switch (op) {
case BindResponse:
diff --git a/server.c b/server.c
index 5ec6148..24090f9 100644
--- a/server.c
+++ b/server.c
@@ -343,7 +343,7 @@ static void server_haveIn(epoll_server_t *server)
if (consumed == 0) break; // Length-Header not complete
len += consumed;
if (len > server->rbPos) break; // Body not complete
- printf("[AD] Received complete reply...\n");
+ printf("[AD] Received complete reply (need %d, have %d)...\n", (int)len, (int)server->rbPos);
if (!proxy_fromServer(server, len)) {
if (server->dynamic) {
server->kill = TRUE;
@@ -416,6 +416,8 @@ static void server_haveOut(epoll_server_t * const server)
if (SSL_BLOCKED(err)) {
server->writeBlocked = TRUE;
return; // Blocking
+ } else if (err == SSL_ERROR_SSL) {
+ ssl_printErrors(NULL);
}
printf("SSL server gone while sending (%d)\n", err);
ERR_print_errors_fp(stdout);