ssize_t ret;
size_t try, done = 0;
+ TRACE_ENTER(SSL_EV_CONN_RECV, conn);
+
if (!ctx)
goto out_error;
b_del(&ctx->early_buf, try);
if (b_data(&ctx->early_buf) == 0)
b_free(&ctx->early_buf);
+ TRACE_STATE("read early data", SSL_EV_CONN_RECV|SSL_EV_CONN_RECV_EARLY, conn, &try);
return try;
}
#endif
- if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS))
+ if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS)) {
/* a handshake was requested */
+ TRACE_LEAVE(SSL_EV_CONN_RECV, conn);
return 0;
+ }
/* read the largest possible block. For this, we perform only one call
* to recv() unless the buffer wraps and we exactly fill the first hunk,
b_add(buf, ret);
done += ret;
count -= ret;
+ TRACE_DEVEL("Post SSL_read success", SSL_EV_CONN_RECV, conn, &ret);
}
else {
ret = SSL_get_error(ctx->ssl, ret);
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
#endif
+ TRACE_DEVEL("SSL want write", SSL_EV_CONN_RECV, conn);
break;
}
else if (ret == SSL_ERROR_WANT_READ) {
#endif
break;
}
+ TRACE_DEVEL("SSL want read", SSL_EV_CONN_RECV, conn);
break;
- } else if (ret == SSL_ERROR_ZERO_RETURN)
+ } else if (ret == SSL_ERROR_ZERO_RETURN) {
+ TRACE_STATE("SSL read error (zero return)", SSL_EV_CONN_RECV, conn);
goto read0;
- else if (ret == SSL_ERROR_SSL) {
+ } else if (ret == SSL_ERROR_SSL) {
struct ssl_sock_ctx *ctx = conn_get_ssl_sock_ctx(conn);
if (ctx && !ctx->error_code)
ctx->error_code = ERR_peek_error();
/* For SSL_ERROR_SYSCALL, make sure to clear the error
* stack before shutting down the connection for
* reading. */
- if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN || errno == EWOULDBLOCK))
+ if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN || errno == EWOULDBLOCK)) {
+ TRACE_PROTO("SSL read error (syscall)", SSL_EV_CONN_RECV, conn);
goto clear_ssl_error;
+ }
/* otherwise it's a real error */
+ TRACE_ERROR("rx fatal error", SSL_EV_CONN_RECV|SSL_EV_CONN_ERR, conn, &ret);
goto out_error;
}
}
leave:
+ TRACE_LEAVE(SSL_EV_CONN_RECV, conn);
return done;
clear_ssl_error:
goto leave;
out_error:
+ TRACE_ERROR("rx error", SSL_EV_CONN_RECV, conn);
conn_report_term_evt(conn, tevt_loc_xprt, xprt_tevt_type_rcv_err);
conn->flags |= CO_FL_ERROR;
/* Clear openssl global errors stack */
ssize_t ret;
size_t try, done;
+ TRACE_ENTER(SSL_EV_CONN_SEND, conn);
+
done = 0;
if (!ctx)
goto out_error;
- if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS | CO_FL_EARLY_SSL_HS))
+ if (conn->flags & (CO_FL_WAIT_XPRT | CO_FL_SSL_WAIT_HS | CO_FL_EARLY_SSL_HS)) {
/* a handshake was requested */
+ TRACE_LEAVE(SSL_EV_CONN_SEND, conn);
return 0;
+ }
/* send the largest possible block. For this we perform only one call
* to send() unless the buffer wraps and we exactly fill the first hunk,
/* Initiate the handshake, now */
tasklet_wakeup(ctx->wait_event.tasklet);
}
-
+ TRACE_PROTO("Write early data", SSL_EV_CONN_SEND|SSL_EV_CONN_SEND_EARLY, conn, &ret);
}
} else
ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
count -= ret;
done += ret;
+ TRACE_DEVEL("Post SSL_write success", SSL_EV_CONN_SEND, conn, &ret);
}
else {
ret = SSL_get_error(ctx->ssl, ret);
#endif
break;
}
-
+ TRACE_DEVEL("SSL want write", SSL_EV_CONN_SEND, conn);
break;
}
else if (ret == SSL_ERROR_WANT_READ) {
if (global_ssl.async)
SSL_set_mode(ctx->ssl, SSL_MODE_ASYNC);
#endif
+ TRACE_DEVEL("SSL want read", SSL_EV_CONN_SEND, conn);
break;
}
else if (ret == SSL_ERROR_SSL || ret == SSL_ERROR_SYSCALL) {
if (ctx && !ctx->error_code)
ctx->error_code = ERR_peek_error();
conn->err_code = CO_ER_SSL_FATAL;
+ TRACE_ERROR("tx fatal error", SSL_EV_CONN_SEND|SSL_EV_CONN_ERR, conn, &ctx->error_code);
}
goto out_error;
}
}
leave:
+ TRACE_LEAVE(SSL_EV_CONN_SEND, conn);
return done;
out_error:
+ TRACE_ERROR("tx error", SSL_EV_CONN_SEND, conn);
/* Clear openssl global errors stack */
ssl_sock_dump_errors(conn, NULL);
ERR_clear_error();
-
conn_report_term_evt(conn, tevt_loc_xprt, xprt_tevt_type_snd_err);
conn->flags |= CO_FL_ERROR;
goto leave;
{ .mask = SSL_EV_CONN_CLOSE, .name = "sslc_close", .desc = "close SSL connection" },
{ .mask = SSL_EV_CONN_END, .name = "sslc_end", .desc = "SSL connection end" },
{ .mask = SSL_EV_CONN_ERR, .name = "sslc_err", .desc = "SSL error"},
+ { .mask = SSL_EV_CONN_SEND, .name = "sslc_send", .desc = "Tx on SSL connection" },
+ { .mask = SSL_EV_CONN_SEND_EARLY, .name = "sslc_send_early", .desc = "Tx on SSL connection (early data)" },
+ { .mask = SSL_EV_CONN_RECV, .name = "sslc_recv", .desc = "Rx on SSL connection" },
+ { .mask = SSL_EV_CONN_RECV_EARLY, .name = "sslc_recv_early", .desc = "Rx on SSL connection (early data)" },
{ }
};
if (src->verbosity <= SSL_VERB_SIMPLE && !(mask & SSL_EV_CONN_ERR))
return;
+
+ if (mask & SSL_EV_CONN_RECV || mask & SSL_EV_CONN_SEND) {
+
+ if (mask & SSL_EV_CONN_ERR) {
+ const unsigned int *ssl_err_code = a2;
+ chunk_appendf(&trace_buf, " : ssl_err_code=%d ssl_err_str=\"%s\"", *ssl_err_code,
+ ERR_error_string(*ssl_err_code, NULL));
+ } else if (src->verbosity > SSL_VERB_SIMPLE) {
+ const ssize_t *size = a2;
+
+ if (size)
+ chunk_appendf(&trace_buf, " : size=%ld", *size);
+ }
+ }
+
}
projects / thirdparty / haproxy.git / commitdiff
