[Pkg-voip-commits] [asterisk] 01/05: ASTERISK-26606.patch: from branch 13 in git

tzafrir at debian.org tzafrir at debian.org
Fri Dec 29 21:56:48 UTC 2017


This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch stretch
in repository asterisk.

commit d3a0a3d4c928fafc07341c3ae1606f2bd0acaeb6
Author: Tzafrir Cohen <tzafrir at debian.org>
Date:   Sat Dec 16 07:39:10 2017 +0200

    ASTERISK-26606.patch: from branch 13 in git
---
 debian/patches/ASTERISK-26606.patch | 165 ++++++++++++++++++++++++++++++++++++
 1 file changed, 165 insertions(+)

diff --git a/debian/patches/ASTERISK-26606.patch b/debian/patches/ASTERISK-26606.patch
new file mode 100644
index 0000000..d054fc7
--- /dev/null
+++ b/debian/patches/ASTERISK-26606.patch
@@ -0,0 +1,165 @@
+From 6fba0a41f06c257032e572f1876b51c19ef54b6a Mon Sep 17 00:00:00 2001
+From: Joshua Colp <jcolp at digium.com>
+Date: Tue, 9 May 2017 15:34:49 +0000
+Subject: [PATCH] tcptls: Improve error messages for TLS connections.
+
+This change uses the functions provided by OpenSSL to query
+and better construct error messages for situations where
+the connection encounters a problem.
+
+ASTERISK-26606
+
+Change-Id: I7ae40ce88c0dc4e185c4df1ceb3a6ccc198f075b
+---
+ main/tcptls.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 59 insertions(+), 8 deletions(-)
+
+diff --git a/main/tcptls.c b/main/tcptls.c
+index 3fd3c53122..7e09e66611 100644
+--- a/main/tcptls.c
++++ b/main/tcptls.c
+@@ -83,6 +83,39 @@ struct ast_tcptls_stream {
+ 	int exclusive_input;
+ };
+ 
++#if defined(DO_SSL)
++AST_THREADSTORAGE(err2str_threadbuf);
++#define ERR2STR_BUFSIZE   128
++
++static const char *ssl_error_to_string(int sslerr, int ret)
++{
++	switch (sslerr) {
++	case SSL_ERROR_SSL:
++		return "Internal SSL error";
++	case SSL_ERROR_SYSCALL:
++		if (!ret) {
++			return "System call EOF";
++		} else if (ret == -1) {
++			char *buf;
++
++			buf = ast_threadstorage_get(&err2str_threadbuf, ERR2STR_BUFSIZE);
++			if (!buf) {
++				return "Unknown";
++			}
++
++			snprintf(buf, ERR2STR_BUFSIZE, "Underlying BIO error: %s", strerror(errno));
++			return buf;
++		} else {
++			return "System call other";
++		}
++	default:
++		break;
++	}
++
++	return "Unknown";
++}
++#endif
++
+ void ast_tcptls_stream_set_timeout_disable(struct ast_tcptls_stream *stream)
+ {
+ 	ast_assert(stream != NULL);
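Review bot: `strerror(errno)` in the `SSL_ERROR_SYSCALL` / `ret == -1` branch reads errno only after `ast_threadstorage_get()` has run, and every caller in this patch invokes the helper as a log argument next to `ERR_error_string()`, so the value may no longer be the one left by the failed SSL call. Saving it on entry, with `int saved_errno = errno;` as the first statement and `strerror(saved_errno)` in the `snprintf`, narrows that window; capturing errno at each call site right after `SSL_get_error()` would close it. The helper also deserves a short comment on the lifetime of its result, e.g. `/* Returns a string literal or a per-thread buffer that the next call on this thread overwrites. */`. The hunk ends inside `ast_tcptls_stream_set_timeout_disable`, which is unchanged context.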
+@@ -151,12 +184,17 @@ static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
+ #if defined(DO_SSL)
+ 	if (stream->ssl) {
+ 		for (;;) {
++			int sslerr;
++			char err[256];
++
+ 			res = SSL_read(stream->ssl, buf, size);
+ 			if (0 < res) {
+ 				/* We read some payload data. */
+ 				return res;
+ 			}
+-			switch (SSL_get_error(stream->ssl, res)) {
++
++			sslerr = SSL_get_error(stream->ssl, res);
++			switch (sslerr) {
+ 			case SSL_ERROR_ZERO_RETURN:
+ 				/* Report EOF for a shutdown */
+ 				ast_debug(1, "TLS clean shutdown alert reading data\n");
+@@ -204,7 +242,8 @@ static HOOK_T tcptls_stream_read(void *cookie, char *buf, LEN_T size)
+ 				break;
+ 			default:
+ 				/* Report EOF for an undecoded SSL or transport error. */
+-				ast_debug(1, "TLS transport or SSL error reading data\n");
++				ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
++					ssl_error_to_string(sslerr, res));
+ 				return 0;
+ 			}
+ 			if (!ms) {
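Review bot: `ERR_error_string(sslerr, err)` is passed the return value of `SSL_get_error()`, which is an `SSL_ERROR_*` class code rather than an error-queue code, so the formatted text will not carry the library reason an operator needs to tell a misconfigured peer from hostile probing. The same call appears in the write path, in the `SSL_shutdown()` failure log and in `handle_tcptls_connection`, where it replaces the earlier `ERR_get_error()` argument. Keeping the queue read, `ERR_error_string(ERR_get_error(), err)`, alongside `ssl_error_to_string(sslerr, res)` preserves both pieces of information and removes the reported entry from the thread's error queue instead of leaving it for a later call. `tcptls_stream_read` starts and ends outside this hunk.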
+@@ -279,6 +318,9 @@ static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
+ 		written = 0;
+ 		remaining = size;
+ 		for (;;) {
++			int sslerr;
++			char err[256];
++
+ 			res = SSL_write(stream->ssl, buf + written, remaining);
+ 			if (res == remaining) {
+ 				/* Everything was written. */
+@@ -290,7 +332,8 @@ static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
+ 				remaining -= res;
+ 				continue;
+ 			}
+-			switch (SSL_get_error(stream->ssl, res)) {
++			sslerr = SSL_get_error(stream->ssl, res);
++			switch (sslerr) {
+ 			case SSL_ERROR_ZERO_RETURN:
+ 				ast_debug(1, "TLS clean shutdown alert writing data\n");
+ 				if (written) {
+@@ -319,7 +362,8 @@ static HOOK_T tcptls_stream_write(void *cookie, const char *buf, LEN_T size)
+ 				break;
+ 			default:
+ 				/* Undecoded SSL or transport error. */
+-				ast_debug(1, "TLS transport or SSL error writing data\n");
++				ast_debug(1, "TLS transport or SSL error writing data: %s, %s\n", ERR_error_string(sslerr, err),
++					ssl_error_to_string(sslerr, res));
+ 				if (written) {
+ 					/* Report partial write. */
+ 					return written;
+@@ -396,8 +440,11 @@ static int tcptls_stream_close(void *cookie)
+ 			 */
+ 			res = SSL_shutdown(stream->ssl);
+ 			if (res < 0) {
+-				ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n",
+-					SSL_get_error(stream->ssl, res));
++				int sslerr = SSL_get_error(stream->ssl, res);
++				char err[256];
++
++				ast_log(LOG_ERROR, "SSL_shutdown() failed: %s, %s\n",
++					ERR_error_string(sslerr, err), ssl_error_to_string(sslerr, res));
+ 			}
+ 
+ #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+@@ -589,6 +636,7 @@ static int check_tcptls_cert_name(ASN1_STRING *cert_str, const char *hostname, c
+ 
+ 	return ret;
+ }
++
+ #endif
+ 
+ /*! \brief
+@@ -604,7 +652,6 @@ static void *handle_tcptls_connection(void *data)
+ #ifdef DO_SSL
+ 	int (*ssl_setup)(SSL *) = (tcptls_session->client) ? SSL_connect : SSL_accept;
+ 	int ret;
+-	char err[256];
+ #endif
+ 
+ 	/* TCP/TLS connections are associated with external protocols, and
+@@ -642,7 +689,11 @@ static void *handle_tcptls_connection(void *data)
+ 	else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
+ 		SSL_set_fd(tcptls_session->ssl, tcptls_session->fd);
+ 		if ((ret = ssl_setup(tcptls_session->ssl)) <= 0) {
+-			ast_log(LOG_ERROR, "Problem setting up ssl connection: %s\n", ERR_error_string(ERR_get_error(), err));
++			char err[256];
++			int sslerr = SSL_get_error(tcptls_session->ssl, ret);
++
++			ast_log(LOG_ERROR, "Problem setting up ssl connection: %s, %s\n", ERR_error_string(sslerr, err),
++				ssl_error_to_string(sslerr, ret));
+ 		} else if ((tcptls_session->f = tcptls_stream_fopen(tcptls_session->stream_cookie,
+ 			tcptls_session->ssl, tcptls_session->fd, -1))) {
+ 			if ((tcptls_session->client && !ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_DONT_VERIFY_SERVER))
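Review bot: The handshake-failure message `"Problem setting up ssl connection: %s, %s\n"` does not identify the peer, which makes repeated failures from one source hard to correlate from the log alone. If the session's remote address is already populated at this point (that is not visible in the hunk), adding it would help, for example `"Problem setting up ssl connection from %s: %s, %s\n"` with `ast_sockaddr_stringify(&tcptls_session->remote_address)` as the first argument. Because any connecting client can cause this line to be written, it is also worth confirming that `LOG_ERROR` is the intended level. `handle_tcptls_connection` continues outside the hunk.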
+-- 
+2.11.0
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git


