1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-26 11:29:53 +03:00

Compare commits

..

3 Commits

Author SHA1 Message Date
hiura2023
3b8c36e6e3
Merge 08213b7f0e into 645a078f8e 2024-05-26 14:50:19 +00:00
hiura
08213b7f0e CHANGE ERROR HANDLER FOR SSL ERROR: Change of indent 2024-05-26 23:50:05 +09:00
hiura
98852b77d9 CHANGE ERROR HANDLER FOR SSL ERROR: 2024-05-26 23:36:21 +09:00

View File

@ -12288,6 +12288,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
ret = SSL_peek(ssl, &c, sizeof(c)); ret = SSL_peek(ssl, &c, sizeof(c));
} }
Unlock(sock->ssl_lock); Unlock(sock->ssl_lock);
#if OPENSSL_VERSION_NUMBER < 0x30000000L
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
// > You should instead call SSL_get_error() to find out if it's retryable.
if (ret == 0) if (ret == 0)
{ {
// The communication have been disconnected // The communication have been disconnected
@ -12295,7 +12300,8 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__); Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0; return 0;
} }
if (ret < 0) #endif
if (ret <= 0)
{ {
// An error has occurred // An error has occurred
e = SSL_get_error(ssl, ret); e = SSL_get_error(ssl, ret);
@ -12303,14 +12309,16 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
{ {
if (e == SSL_ERROR_SSL if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
&& &&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1] sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif #endif
) )
{ {
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); UINT ssl_err_no = ERR_get_error();
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
Disconnect(sock); Disconnect(sock);
return 0; return 0;
} }
@ -12337,14 +12345,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
} }
#endif // OS_UNIX #endif // OS_UNIX
// Run the time-out thread for SOLARIS // Run the time-out thread for SOLARIS
#ifdef UNIX_SOLARIS #ifdef UNIX_SOLARIS
ttparam = NewSocketTimeout(sock); ttparam = NewSocketTimeout(sock);
#endif // UNIX_SOLARIS #endif // UNIX_SOLARIS
ret = SSL_read(ssl, data, size); ret = SSL_read(ssl, data, size);
// Stop the timeout thread // Stop the timeout thread
#ifdef UNIX_SOLARIS #ifdef UNIX_SOLARIS
FreeSocketTimeout(ttparam); FreeSocketTimeout(ttparam);
#endif // UNIX_SOLARIS #endif // UNIX_SOLARIS
@ -12357,7 +12365,11 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
} }
#endif // OS_UNIX #endif // OS_UNIX
if (ret < 0) #if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret < 0) // OpenSSL version < 3.0.0
#else
if (ret <= 0) // OpenSSL version >= 3.0.0
#endif
{ {
e = SSL_get_error(ssl, ret); e = SSL_get_error(ssl, ret);
} }
@ -12380,6 +12392,12 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
return (UINT)ret; return (UINT)ret;
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L
// 2021/09/10: After OpenSSL 3.x.x, both 0 and negative values might mean retryable.
// See: https://github.com/openssl/openssl/blob/435981cbadad2c58c35bacd30ca5d8b4c9bea72f/doc/man3/SSL_read.pod
// > Old documentation indicated a difference between 0 and -1, and that -1 was retryable.
// > You should instead call SSL_get_error() to find out if it's retryable.
if (ret == 0) if (ret == 0)
{ {
// Disconnect the communication // Disconnect the communication
@ -12387,20 +12405,24 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
//Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__); //Debug("%s %u SecureRecv() Disconnect\n", __FILE__, __LINE__);
return 0; return 0;
} }
#endif
if (sock->AsyncMode) if (sock->AsyncMode)
{ {
if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL) if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
{ {
if (e == SSL_ERROR_SSL if (e == SSL_ERROR_SSL
#if OPENSSL_VERSION_NUMBER < 0x10100000L #if OPENSSL_VERSION_NUMBER < 0x10100000L
&& &&
sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL && sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] && sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1] sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
#endif #endif
) )
{ {
Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__); UINT ssl_err_no = ERR_get_error();
Debug("%s %u SSL_ERROR_SSL on ASYNC socket !!! ssl_err_no = %u: '%s'\n", __FILE__, __LINE__, ssl_err_no, ERR_error_string(ssl_err_no, NULL));
Disconnect(sock); Disconnect(sock);
return 0; return 0;
} }
@ -12438,7 +12460,11 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
} }
ret = SSL_write(ssl, data, size); ret = SSL_write(ssl, data, size);
if (ret < 0) #if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret < 0) // OpenSSL version < 3.0.0
#else
if (ret <= 0) // OpenSSL version >= 3.0.0
#endif
{ {
e = SSL_get_error(ssl, ret); e = SSL_get_error(ssl, ret);
} }
@ -12460,6 +12486,8 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
sock->WriteBlocked = false; sock->WriteBlocked = false;
return (UINT)ret; return (UINT)ret;
} }
#if OPENSSL_VERSION_NUMBER < 0x30000000L
if (ret == 0) if (ret == 0)
{ {
// Disconnect // Disconnect
@ -12467,6 +12495,7 @@ UINT SecureSend(SOCK *sock, void *data, UINT size)
Disconnect(sock); Disconnect(sock);
return 0; return 0;
} }
#endif
if (sock->AsyncMode) if (sock->AsyncMode)
{ {