1 /******************************************************************************/
2 /* */
3 /* X r d T l s . c c */
4 /* */
5 /* (c) 2019 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* Produced by Andrew Hanushevsky for Stanford University under contract */
7 /* DE-AC02-76-SFO0515 with the Department of Energy */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /******************************************************************************/
29 
30 #include <cstring>
31 #include <iostream>
32 #include <openssl/err.h>
33 #include <openssl/ssl.h>
34 
35 #include "XrdSys/XrdSysE2T.hh"
36 #include "XrdSys/XrdSysTrace.hh"
37 #include "XrdTls/XrdTls.hh"
38 #include "XrdTls/XrdTlsTrace.hh"
39 
40 /******************************************************************************/
41 /* G l o b a l D e f i n i t i o n s */
42 /******************************************************************************/
43 
namespace
{
// Built-in message sink: write the text to stderr under a fixed "TLS: "
// prefix. The trace id and the ssl-error flag exist only so that the
// signature matches XrdTls::msgCB_t; this sink does not use them.
//
void ToStdErr(const char * /*tid*/, const char *msg, bool /*sslerr*/)
{
   std::cerr << "TLS: " << msg << '\n';
   std::cerr.flush();
}

// The currently installed message sink (see XrdTls::SetMsgCB()). It starts
// out as the stderr sink above.
//
XrdTls::msgCB_t msgCB = ToStdErr;

// When set (via the dbgOUT option of XrdTls::SetDebug()), messages handed to
// a caller-installed sink are echoed to stderr as well.
//
bool echoMsg = false;
}
53 
namespace XrdTlsGlobal
{
// File-wide trace object for the TLS layer, labelled "TLS" and created with
// tracing switched off (0). Presumably it is configured later through
// XrdTls::SetDebug(); that body is not visible in this listing.
//
XrdSysTrace SysTrace("TLS", 0);
}
58 
59 /******************************************************************************/
60 /* L o c a l F u n c t i o n s */
61 /******************************************************************************/
62 
63 //namespace
64 //{
65 //int RC2SSL_Error(XrdTls::RC rc)
66 //{
67 // switch(rc)
68 // {case XrdTls::TLS_AOK: return SSL_ERROR_NONE;
69 // break;
70 // case XrdTls::TLS_CON_Closed: return SSL_ERROR_ZERO_RETURN;
71 // break;
72 // case XrdTls::TLS_SSL_Error: return SSL_ERROR_SSL;
73 // break;
74 // case XrdTls::TLS_SYS_Error: return SSL_ERROR_SYSCALL;
75 // break;
76 // case XrdTls::TLS_WantRead: return SSL_ERROR_WANT_READ;
77 // break;
78 // case XrdTls::TLS_WantWrite: return SSL_ERROR_WANT_WRITE;
79 // break;
80 // case XrdTls::TLS_WantAccept: return SSL_ERROR_WANT_ACCEPT;
81 // break;
82 // case XrdTls::TLS_WantConnect: return SSL_ERROR_WANT_CONNECT;
83 // break;
84 // default: break;
85 // }
86 // return SSL_ERROR_SSL;
87 //}
88 //}
89 
90 /******************************************************************************/
91 /* E m s g */
92 /******************************************************************************/
93 
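namespace
{
// Callback handed to ERR_print_errors_cb(): deliver one formatted OpenSSL
// error line to the installed message sink, echoing it to stderr when dbgOUT
// is in effect and the sink is not already the stderr sink.
//
// str -> NUL-terminated error line formatted by OpenSSL.
// len -> its length (unused; the sink takes a C string).
// u   -> the trace id passed as the opaque argument by XrdTls::Emsg().
//
// Returns a positive value so that ERR_print_errors_cb() keeps walking the
// queue. OpenSSL aborts the walk as soon as the callback returns <= 0, so
// the former "return 0" reported only the first queued error and left the
// remaining entries in the calling thread's error queue, where they can
// confuse a later SSL_get_error() on that thread.
//
int ssl_msg_CB(const char *str, size_t /*len*/, void *u)
{
   const char *tid = static_cast<const char *>(u);

   msgCB(tid, str, true);
   if (echoMsg && msgCB != ToStdErr) ToStdErr(tid, str, true);
   return 1;
}
}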
103 
void XrdTls::Emsg(const char *tid, const char *msg, bool flush)
{
// Fall back to a generic trace id when the caller supplied none
//
   const char *traceID = tid ? tid : "TLS";

// Hand the caller's message (if any) to the installed sink. When dbgOUT is
// in effect and the sink is not already stderr, echo it to stderr as well.
//
   if (msg)
      {msgCB(traceID, msg, false);
       if (echoMsg && msgCB != ToStdErr) ToStdErr(traceID, msg, false);
      }

// Optionally drain the calling thread's OpenSSL error queue through the same
// sink; ssl_msg_CB() receives traceID back as its opaque argument.
//
   if (flush) ERR_print_errors_cb(ssl_msg_CB, const_cast<char *>(traceID));
}
122 
123 /******************************************************************************/
124 /* R C 2 T e x t */
125 /******************************************************************************/
126 
std::string XrdTls::RC2Text(XrdTls::RC rc, bool dbg)
{
// Produce human-readable text for an XrdTls::RC return code. The dbg
// argument is accepted for interface compatibility but does not change the
// text produced here. TLS_SYS_Error is the one dynamic case: it reports the
// current errno when that is non-zero, so convert before anything else can
// overwrite errno.
//
   const char *text = 0;

   switch(rc)
         {case TLS_CON_Closed:  text = "connection closed";                    break;
          case TLS_CRT_Missing: text = "x509 certificate is missing";          break;
          case TLS_CTX_Missing: text = "context is missing";                   break;
          case TLS_HNV_Error:   text = "host name verification failed";        break;
          case TLS_SSL_Error:   text = "TLS fatal error";                      break;
          case TLS_SYS_Error:   return std::string(errno ? XrdSysE2T(errno)
                                                         : "socket error");
          case TLS_UNK_Error:   text = "unknown error occurred, sorry!";       break;
          case TLS_VER_Error:   text = "x509 certificate verification failed"; break;
          case TLS_WantAccept:  text = "unhandled TLS accept";                 break;
          case TLS_WantConnect: text = "unhandled TLS connect";                break;
          case TLS_WantRead:    text = "unhandled TLS read want";              break;
          case TLS_WantWrite:   text = "unhandled TLS write want";             break;
          default: break;
         }

// Anything not listed above (including TLS_AOK) gets the catch-all text
//
   return std::string(text ? text : "unfathomable error occurred!");
}
172 
173 /******************************************************************************/
174 /* S e t D e b u g */
175 /******************************************************************************/
176 
{
// NOTE(review): the lines of this definition preceding the assignment below
// (the logger/trace setup) were not captured in this listing.
// dbgOUT asks that messages also be echoed to stderr even when a custom sink
// was installed via SetMsgCB(); see Emsg() and ssl_msg_CB().
//
 echoMsg = (opts & dbgOUT) != 0;
}
183 
184 /******************************************************************************/
185 
187 {
190 }
191 
192 /******************************************************************************/
193 /* S e t M s g C B */
194 /******************************************************************************/
195 
{
// Install cbP as the sink for all TLS messages; a null cbP restores the
// built-in stderr sink. NOTE(review): msgCB is a plain (non-atomic, unlocked)
// global that Emsg() and ssl_msg_CB() read, so install the callback before
// TLS traffic starts on other threads.
//
 msgCB = (cbP ? cbP : ToStdErr);
}
200 
201 /******************************************************************************/
202 /* s s l 2 R C */
203 /******************************************************************************/
204 
{
// Map an SSL_get_error() result onto the XrdTls::RC enumeration. Codes with
// no counterpart here (e.g. SSL_ERROR_WANT_X509_LOOKUP, which ssl2Text()
// does recognize) fall through to TLS_UNK_Error.
//
 switch(sslrc)
 {case SSL_ERROR_NONE: return TLS_AOK;
 break;
 case SSL_ERROR_ZERO_RETURN: return TLS_CON_Closed;
 break;
 case SSL_ERROR_WANT_READ: return TLS_WantRead;
 break;
 case SSL_ERROR_WANT_WRITE: return TLS_WantWrite;
 break;
 case SSL_ERROR_WANT_ACCEPT: return TLS_WantAccept;
 break;
 case SSL_ERROR_WANT_CONNECT: return TLS_WantConnect;
 break;
 case SSL_ERROR_SYSCALL: return TLS_SYS_Error;
 break;
 case SSL_ERROR_SSL: return TLS_SSL_Error;
 break;
 default: break;
 }
 return TLS_UNK_Error;
}
230 
231 /******************************************************************************/
232 /* s s l 2 T e x t */
233 /******************************************************************************/
234 
const char *XrdTls::ssl2Text(int sslrc, const char *dflt)
{
// Table of SSL_get_error() codes and their symbolic names. A code that does
// not appear here is reported as dflt.
//
   static const struct {int code; const char *name;} sslNames[] =
          {{SSL_ERROR_NONE,             "error_none"},
           {SSL_ERROR_ZERO_RETURN,      "zero_return"},
           {SSL_ERROR_WANT_READ,        "want_read"},
           {SSL_ERROR_WANT_WRITE,       "want_write"},
           {SSL_ERROR_WANT_ACCEPT,      "want_accept"},
           {SSL_ERROR_WANT_CONNECT,     "want_connect"},
           {SSL_ERROR_WANT_X509_LOOKUP, "want_x509_lookup"},
           {SSL_ERROR_SYSCALL,          "error_syscall"},
           {SSL_ERROR_SSL,              "error_ssl"}};
   const int numNames = sizeof(sslNames)/sizeof(sslNames[0]);

   for (int i = 0; i < numNames; i++)
       if (sslNames[i].code == sslrc) return sslNames[i].name;

   return dflt;
}
261 
262 /******************************************************************************/
263 /* C l e a r E r r o r Q u e u e */
264 /******************************************************************************/
{
// Drop every entry in the calling thread's OpenSSL error queue. OpenSSL
// documents that SSL_get_error() is reliable only when the queue was empty
// before the I/O call, so clear it ahead of any SSL operation whose result
// will be classified with ssl2RC().
//
 ERR_clear_error();
}