From 7408a04e740e9b54747bb6333ee9f9ecd098e958 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 28 Apr 2015 17:55:27 +0200
Subject: Fix SSL mode :)
---
 Makefile | 5 +++--
 openssl.c | 7 ++++++-
 openssl.h | 2 +-
 proxy.c | 4 +++-
 server.c | 4 +++-
 5 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 52d6a19..1071bf2 100644
--- a/Makefile
+++ b/Makefile
@@ -26,11 +26,12 @@ scan_ldapsearchfilterstring.o free_ldapsearchresultentry.o \
 fmt_ldapsearchfilterstring.o ldap_match_sre.o \
 fmt_ldapdeleterequest.o scan_ldapdeleterequest.o normalize_dn.o
-CC=gcc
+CC?=gcc
 CFLAGS=-g -pipe -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
 #CC=clang
 #CFLAGS=-g -pipe -fsanitize=address -O1 -fno-omit-frame-pointer -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
-LIBS+=-lowfat -lssl -lcrypto
+
+LIBS+=-g -lowfat -lssl -lcrypto
 %.o: %.c
 $(CC) $(CFLAGS) -c $<
diff --git a/openssl.c b/openssl.c
index c8e4142..47acd83 100644
--- a/openssl.c
+++ b/openssl.c
@@ -93,9 +93,14 @@ BOOL ssl_connectServer(epoll_server_t *server)
 server->sslConnected = TRUE;
 return TRUE;
 }
- if (ret < 0) {
+ if (ret <= 0) {
 int err = SSL_get_error(server->ssl, ret);
 if (SSL_BLOCKED(err)) return TRUE;
+ if (err == SSL_ERROR_SSL) {
+ ssl_printErrors(NULL);
+ } else {
+ printf("SSL Unknown error %d\n", err);
+ }
 }
 return FALSE;
 }
diff --git a/openssl.h b/openssl.h
index a37c58e..bde6ef4 100644
--- a/openssl.h
+++ b/openssl.h
@@ -5,7 +5,7 @@
 #include
 #include
-#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP)
+#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP || (err) == SSL_ERROR_WANT_CONNECT || (err) == SSL_ERROR_WANT_ACCEPT)
 void ssl_printErrors(char *bailMsg);
diff --git a/proxy.c b/proxy.c
index 22fbdbf..5bfbac7 100644
--- a/proxy.c
+++ b/proxy.c
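Review bot: `-g` on the new `LIBS+=-g -lowfat -lssl -lcrypto` line is a compile-time debug-info option; on the link line it changes nothing, and the `CFLAGS` line a few lines above already carries `-g`, so the line can stay `LIBS+=-lowfat -lssl -lcrypto`. If a link-stage effect was intended, the flag that produces it should be named explicitly rather than relying on `-g`.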
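Review bot: The new else branch in ssl_connectServer reports SSL_ERROR_SYSCALL and SSL_ERROR_ZERO_RETURN only as "SSL Unknown error %d", which drops exactly what a failed handshake needs logged: SSL_ERROR_SYSCALL means the transport failed, and with ret == 0 it means the peer closed the socket mid-handshake, which is worth telling apart from a TLS-level failure. Add a branch `} else if (err == SSL_ERROR_SYSCALL) {` that reports errno, for example `printf("SSL syscall error (ret %d): %s\n", ret, errno ? strerror(errno) : "unexpected EOF");`, reading errno before any other library call. The new SSL_ERROR_SSL branch in server_haveOut in server.c has the same gap. Since SSL_get_error consults the thread's error queue, whichever branch runs should also leave that queue drained, which the printf branch does not do (ssl_printErrors presumably does; its body is not in this diff). ssl_connectServer begins outside the hunk.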
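Review bot: SSL_BLOCKED now expands its argument five times, so a caller passing an expression with side effects, say `SSL_BLOCKED(SSL_get_error(ssl, ret))`, would call it five times; the visible callers all pass a plain int, but a static inline function removes the hazard and keeps the macro name for them. It would also be the natural place to document the contract the callers rely on: every value it accepts means "retry the same SSL_* call once the socket is ready again", not "the connection is healthy". The rewrite below keeps the same five values as the new macro.
```c
/* One evaluation of err; the same five "retry later" results the macro accepts. */
static inline int ssl_blocked(int err)
{
	return err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE
	    || err == SSL_ERROR_WANT_X509_LOOKUP || err == SSL_ERROR_WANT_CONNECT
	    || err == SSL_ERROR_WANT_ACCEPT;
}
/* Keeps existing call sites unchanged. */
#define SSL_BLOCKED(err) ssl_blocked(err)
```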
@@ -176,7 +176,9 @@ BOOL proxy_fromServer(epoll_server_t *server, const size_t maxLen)
 unsigned long messageId, op;
 size_t len;
 const size_t res = scan_ldapmessage(server->readBuffer, server->readBuffer + maxLen, &messageId, &op, &len);
- if (res == 0) return FALSE;
+ if (res == 0) {
+ return FALSE;
+ }
 printf("[AD] scan_ldapmessage: Consumed %d, remaining length %d, id %lu, op %lu\n", (int)res, (int)len, messageId, op);
 switch (op) {
 case BindResponse:
diff --git a/server.c b/server.c
index 5ec6148..24090f9 100644
--- a/server.c
+++ b/server.c
@@ -343,7 +343,7 @@ static void server_haveIn(epoll_server_t *server)
 if (consumed == 0) break; // Length-Header not complete
 len += consumed;
 if (len > server->rbPos) break; // Body not complete
- printf("[AD] Received complete reply...\n");
+ printf("[AD] Received complete reply (need %d, have %d)...\n", (int)len, (int)server->rbPos);
 if (!proxy_fromServer(server, len)) {
 if (server->dynamic) {
 server->kill = TRUE;
@@ -416,6 +416,8 @@ static void server_haveOut(epoll_server_t * const server)
 if (SSL_BLOCKED(err)) {
 server->writeBlocked = TRUE;
 return; // Blocking
+ } else if (err == SSL_ERROR_SSL) {
+ ssl_printErrors(NULL);
 }
 printf("SSL server gone while sending (%d)\n", err);
 ERR_print_errors_fp(stdout);
-- cgit v1.2.3-55-g7522
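Review bot: In server_haveOut the new `} else if (err == SSL_ERROR_SSL) {` branch calls ssl_printErrors(NULL) and then falls through to the existing `ERR_print_errors_fp(stdout);` two lines later, so the OpenSSL error queue is dumped twice for the same failure, or, if ssl_printErrors drains the queue the way ERR_print_errors_fp does, the second dump prints nothing. Keep one of them: either drop the new branch and let the existing dump report SSL_ERROR_SSL, or make the existing `ERR_print_errors_fp(stdout);` the else of the new check. The new log line in server_haveIn casts `len` and `server->rbPos` to int for `%d`; if both are size_t, `%zu` without the casts prints them exactly under -std=gnu99. Both functions begin outside their hunks.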