From 7408a04e740e9b54747bb6333ee9f9ecd098e958 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 28 Apr 2015 17:55:27 +0200
Subject: Fix SSL mode :)

---
 Makefile  | 5 +++--
 openssl.c | 7 ++++++-
 openssl.h | 2 +-
 proxy.c   | 4 +++-
 server.c  | 4 +++-
 5 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 52d6a19..1071bf2 100644
--- a/Makefile
+++ b/Makefile
@@ -26,11 +26,12 @@ scan_ldapsearchfilterstring.o free_ldapsearchresultentry.o \
 fmt_ldapsearchfilterstring.o ldap_match_sre.o \
 fmt_ldapdeleterequest.o scan_ldapdeleterequest.o normalize_dn.o
 
-CC=gcc
+CC?=gcc
 CFLAGS=-g -pipe -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
 #CC=clang
 #CFLAGS=-g -pipe -fsanitize=address -O1 -fno-omit-frame-pointer -W -Wall -Wextra -std=gnu99 -Wno-unused-parameter
-LIBS+=-lowfat -lssl -lcrypto
+
+LIBS+=-g -lowfat -lssl -lcrypto
 
 %.o: %.c
 	$(CC) $(CFLAGS) -c $<
diff --git a/openssl.c b/openssl.c
index c8e4142..47acd83 100644
--- a/openssl.c
+++ b/openssl.c
@@ -93,9 +93,14 @@ BOOL ssl_connectServer(epoll_server_t *server)
 		server->sslConnected = TRUE;
 		return TRUE;
 	}
-	if (ret < 0) {
+	if (ret <= 0) {
 		int err = SSL_get_error(server->ssl, ret);
 		if (SSL_BLOCKED(err)) return TRUE;
+		if (err == SSL_ERROR_SSL) {
+			ssl_printErrors(NULL);
+		} else {
+			printf("SSL Unknown error %d\n", err);
+		}
 	}
 	return FALSE;
 }
diff --git a/openssl.h b/openssl.h
index a37c58e..bde6ef4 100644
--- a/openssl.h
+++ b/openssl.h
@@ -5,7 +5,7 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
-#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP)
+#define SSL_BLOCKED(err) ((err) == SSL_ERROR_WANT_READ || (err) == SSL_ERROR_WANT_WRITE || (err) == SSL_ERROR_WANT_X509_LOOKUP || (err) == SSL_ERROR_WANT_CONNECT || (err) == SSL_ERROR_WANT_ACCEPT)
 
 void ssl_printErrors(char *bailMsg);
 
diff --git a/proxy.c b/proxy.c
index 22fbdbf..5bfbac7 100644
--- a/proxy.c
+++ b/proxy.c
@@ -176,7 +176,9 @@ BOOL proxy_fromServer(epoll_server_t *server, const size_t maxLen)
 	unsigned long messageId, op;
 	size_t len;
 	const size_t res = scan_ldapmessage(server->readBuffer, server->readBuffer + maxLen, &messageId, &op, &len);
-	if (res == 0) return FALSE;
+	if (res == 0) {
+		return FALSE;
+	}
 	printf("[AD] scan_ldapmessage: Consumed %d, remaining length %d, id %lu, op %lu\n", (int)res, (int)len, messageId, op);
 	switch (op) {
 	case BindResponse:
diff --git a/server.c b/server.c
index 5ec6148..24090f9 100644
--- a/server.c
+++ b/server.c
@@ -343,7 +343,7 @@ static void server_haveIn(epoll_server_t *server)
 			if (consumed == 0) break; // Length-Header not complete
 			len += consumed;
 			if (len > server->rbPos) break; // Body not complete
-			printf("[AD] Received complete reply...\n");
+			printf("[AD] Received complete reply (need %d, have %d)...\n", (int)len, (int)server->rbPos);
 			if (!proxy_fromServer(server, len)) {
 				if (server->dynamic) {
 					server->kill = TRUE;
@@ -416,6 +416,8 @@ static void server_haveOut(epoll_server_t * const server)
 				if (SSL_BLOCKED(err)) {
 					server->writeBlocked = TRUE;
 					return; // Blocking
+				} else if (err == SSL_ERROR_SSL) {
+					ssl_printErrors(NULL);
 				}
 				printf("SSL server gone while sending (%d)\n", err);
 				ERR_print_errors_fp(stdout);
-- 
cgit v1.2.3-55-g7522