transaction_initiator ACL for detecting various unusual transactions
index ae773dd0bcc298a335e43e28e1cfe11e92085455..4b3b6ceaca519989246bc765f35cdba232174a62 100644 (file)
@@ -189,10 +189,21 @@ Security::PeerConnector::negotiate()
     if (result <= 0) {
 #elif USE_GNUTLS
     auto session = fd_table[fd].ssl.get();
-    debugs(83, 5, "gnutls_handshake session=" << (void*)session);
     const int result = gnutls_handshake(session);
+    debugs(83, 5, "gnutls_handshake session=" << (void*)session << ", result=" << result);
+
+    if (result == GNUTLS_E_SUCCESS) {
+        char *desc = gnutls_session_get_desc(session);
+        debugs(83, 2, serverConnection() << " TLS Session info: " << desc);
+        gnutls_free(desc);
+    }
+
     if (result != GNUTLS_E_SUCCESS) {
-        debugs(83, 5, "gnutls_handshake session=" << (void*)session << ", result=" << result);
+        // debug the TLS session state so far
+        auto descIn = gnutls_handshake_get_last_in(session);
+        debugs(83, 2, "handshake IN: " << gnutls_handshake_description_get_name(descIn));
+        auto descOut = gnutls_handshake_get_last_out(session);
+        debugs(83, 2, "handshake OUT: " << gnutls_handshake_description_get_name(descOut));
 #else
     if (const int result = -1) {
 #endif
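Review bot: The two "handshake IN/OUT" debugs() calls stream the return of gnutls_handshake_description_get_name() directly, and GnuTLS documents that function as returning NULL for a description value it does not recognise; inserting a null `const char*` into an ostream is undefined behaviour, so a failed handshake could crash while logging its own diagnostics. The `desc` from gnutls_session_get_desc() in the success branch appears to have the same NULL-on-allocation-failure case and is worth confirming against the GnuTLS version Squid builds with. Guard each on the returned pointer, e.g. `if (const char *name = gnutls_handshake_description_get_name(descIn)) debugs(83, 2, "handshake IN: " << name);` and likewise for descOut and desc. negotiate() and the `if (result != GNUTLS_E_SUCCESS)` branch both continue outside this hunk.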
@@ -404,17 +415,17 @@ Security::PeerConnector::handleNegotiateError(const int ret)
 
     switch (ret) {
     case GNUTLS_E_WARNING_ALERT_RECEIVED: {
-            auto alert = gnutls_alert_get(session.get());
-            debugs(83, DBG_IMPORTANT, "TLS ALERT: " << gnutls_alert_get_name(alert));
-        }
-        // drop through to next case
+        auto alert = gnutls_alert_get(session.get());
+        debugs(83, DBG_IMPORTANT, "TLS ALERT: " << gnutls_alert_get_name(alert));
+    }
+    // drop through to next case
 
     case GNUTLS_E_AGAIN:
     case GNUTLS_E_INTERRUPTED:
         if (gnutls_record_get_direction(session.get()) == 0)
-            noteWantWrite();
-        else
             noteWantRead();
+        else
+            noteWantWrite();
         return;
 
     default:
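Review bot: The re-indented `// drop through to next case` after the GNUTLS_E_WARNING_ALERT_RECEIVED block is wording that compilers do not recognise as an intentional fall-through marker; GCC's -Wimplicit-fallthrough matches "fall through"/"fallthrough"-style comments, so this case is likely to warn wherever that flag is on. Rename it `// fall through` (or use `[[fallthrough]];` if the project builds as C++17). The read/write swap under GNUTLS_E_AGAIN matches gnutls_record_get_direction()'s contract (0 means interrupted while receiving), which the removed lines had inverted. handleNegotiateError() starts and ends outside this hunk.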
@@ -437,7 +448,7 @@ void
 Security::PeerConnector::noteWantRead()
 {
     const int fd = serverConnection()->fd;
-    debugs(83, 5, "FD " << fd);
+    debugs(83, 5, serverConnection());
 #if USE_OPENSSL
     Security::SessionPointer session(fd_table[fd].ssl);
     BIO *b = SSL_get_rbio(session.get());
@@ -468,7 +479,7 @@ void
 Security::PeerConnector::noteWantWrite()
 {
     const int fd = serverConnection()->fd;
-    debugs(83, 5, "FD " << fd);
+    debugs(83, 5, serverConnection());
     Comm::SetSelect(fd, COMM_SELECT_WRITE, &NegotiateSsl, this, 0);
     return;
 }
@@ -494,11 +505,7 @@ Security::PeerConnector::noteNegotiationError(const int ret, const int ssl_error
            ": " << Security::ErrorString(ssl_lib_error) << " (" <<
            ssl_error << "/" << ret << "/" << xerr << ")");
 
-    ErrorState *anErr = NULL;
-    if (request != NULL)
-        anErr = ErrorState::NewForwarding(ERR_SECURE_CONNECT_FAIL, request.getRaw());
-    else
-        anErr = new ErrorState(ERR_SECURE_CONNECT_FAIL, Http::scServiceUnavailable, NULL);
+    ErrorState *anErr = ErrorState::NewForwarding(ERR_SECURE_CONNECT_FAIL, request);
     anErr->xerrno = sysErrNo;
 
 #if USE_OPENSSL
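Review bot: The collapsed `ErrorState::NewForwarding(ERR_SECURE_CONNECT_FAIL, request)` call now receives `request` even when it is nil, where the removed branch built a plain ErrorState with Http::scServiceUnavailable for that case; whether NewForwarding tolerates a nil request and chooses an equivalent status is not visible in this hunk and should be confirmed against its definition before relying on it. If it does, a one-line comment would stop the next reader from re-adding the check: `// NewForwarding handles a nil request; no separate non-forwarding ErrorState is needed here`. noteNegotiationError() starts and ends outside this hunk.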
@@ -540,13 +547,6 @@ Security::PeerConnector::bail(ErrorState *error)
     // the recepient before the fd-closure notification), but we would rather
     // minimize the number of fd-closure notifications and let the recepient
     // manage the TCP state of the connection.
-
-#if USE_GNUTLS
-    // but we do need to release the bad TLS related details in fd_table
-    // ... or GnuTLS will SEGFAULT.
-    const int fd = serverConnection()->fd;
-    Security::SessionClose(fd_table[fd].ssl, fd);
-#endif
 }
 
 void
@@ -629,7 +629,7 @@ Security::PeerConnector::startCertDownloading(SBuf &url)
                                       PeerConnectorCertDownloaderDialer(&Security::PeerConnector::certDownloadingDone, this));
 
     const Downloader *csd = (request ? dynamic_cast<const Downloader*>(request->downloader.valid()) : nullptr);
-    Downloader *dl = new Downloader(url, certCallback, csd ? csd->nestedLevel() + 1 : 1);
+    Downloader *dl = new Downloader(url, certCallback, XactionInitiator::initCertFetcher, csd ? csd->nestedLevel() + 1 : 1);
     AsyncJob::Start(dl);
 }