From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 11 Apr 2019 15:04:32 +0000 (+0000)
Subject: - Squelch SSL read and write connection reset by peer and broken pipe
X-Git-Tag: final-svn-state~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8a56bfa8fe957b8a7d10035875dd897b3fdc5c3;p=thirdparty%2Funbound.git

- Squelch SSL read and write connection reset by peer and broken pipe
  messages.  Verbosity 2 and higher enables them.


git-svn-id: file:///svn/unbound/trunk@5158 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index 253a1429f..acaa42b9b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -7,6 +7,8 @@
 	  SOA serial probes.  This fixes that probes fail because earlier
 	  probe addresses are unreachable.
 	- Fix that auth zone fails over to next master for timeout in tcp.
+	- Squelch SSL read and write connection reset by peer and broken pipe 
+	  messages.  Verbosity 2 and higher enables them.
 
 8 April 2019: Wouter
 	- Fix to use event_assign with libevent for thread-safety.
diff --git a/util/netevent.c b/util/netevent.c
index 65ada7f7a..17b3f2a49 100644
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -1192,6 +1192,10 @@ ssl_handle_read(struct comm_point* c)
 				comm_point_listen_for_rw(c, 0, 1);
 				return 1;
 			} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef ECONNRESET
+				if(errno == ECONNRESET && verbosity < 2)
+					return 0; /* silence reset by peer */
+#endif
 				if(errno != 0)
 					log_err("SSL_read syscall: %s",
 						strerror(errno));
@@ -1236,6 +1240,10 @@ ssl_handle_read(struct comm_point* c)
 				comm_point_listen_for_rw(c, 0, 1);
 				return 1;
 			} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef ECONNRESET
+				if(errno == ECONNRESET && verbosity < 2)
+					return 0; /* silence reset by peer */
+#endif
 				if(errno != 0)
 					log_err("SSL_read syscall: %s",
 						strerror(errno));
@@ -1303,6 +1311,10 @@ ssl_handle_write(struct comm_point* c)
 				ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
 				return 1; /* write more later */
 			} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef EPIPE
+				if(errno == EPIPE && verbosity < 2)
+					return 0; /* silence 'broken pipe' */
+#endif
 				if(errno != 0)
 					log_err("SSL_write syscall: %s",
 						strerror(errno));
@@ -1337,6 +1349,10 @@ ssl_handle_write(struct comm_point* c)
 			ub_winsock_tcp_wouldblock(c->ev->ev, UB_EV_WRITE);
 			return 1; /* write more later */
 		} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef EPIPE
+			if(errno == EPIPE && verbosity < 2)
+				return 0; /* silence 'broken pipe' */
+#endif
 			if(errno != 0)
 				log_err("SSL_write syscall: %s",
 					strerror(errno));
@@ -1834,6 +1850,10 @@ ssl_http_read_more(struct comm_point* c)
 			comm_point_listen_for_rw(c, 0, 1);
 			return 1;
 		} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef ECONNRESET
+			if(errno == ECONNRESET && verbosity < 2)
+				return 0; /* silence reset by peer */
+#endif
 			if(errno != 0)
 				log_err("SSL_read syscall: %s",
 					strerror(errno));
@@ -2282,6 +2302,10 @@ ssl_http_write_more(struct comm_point* c)
 		} else if(want == SSL_ERROR_WANT_WRITE) {
 			return 1; /* write more later */
 		} else if(want == SSL_ERROR_SYSCALL) {
+#ifdef EPIPE
+			if(errno == EPIPE && verbosity < 2)
+				return 0; /* silence 'broken pipe' */
+#endif
 			if(errno != 0)
 				log_err("SSL_write syscall: %s",
 					strerror(errno));