XRootD
XrdTls Class Reference

#include <XrdTls.hh>


Public Types

typedef void(* msgCB_t) (const char *tid, const char *msg, bool sslmsg)
 
enum  RC {
  TLS_AOK = 0 ,
  TLS_CON_Closed ,
  TLS_CRT_Missing ,
  TLS_CTX_Missing ,
  TLS_HNV_Error ,
  TLS_SSL_Error ,
  TLS_SYS_Error ,
  TLS_UNK_Error ,
  TLS_VER_Error ,
  TLS_WantAccept ,
  TLS_WantConnect ,
  TLS_WantRead ,
  TLS_WantWrite
}
 

Static Public Member Functions

static void ClearErrorQueue ()
 Clear the SSL error queue for the calling thread.
 
static void Emsg (const char *tid, const char *msg=0, bool flush=true)
 
static std::string RC2Text (XrdTls::RC rc, bool dbg=false)
 
static void SetDebug (int opts, msgCB_t logP)
 
static void SetDebug (int opts, XrdSysLogger *logP=0)
 
static void SetMsgCB (msgCB_t cbP)
 
static RC ssl2RC (int sslrc)
 
static const char * ssl2Text (int sslrc, const char *dflt="unknown_error")
 

Static Public Attributes

static const int dbgALL = 7
 Turn debugging on for everything.
 
static const int dbgCTX = 1
 Turn debugging on for context operations.
 
static const int dbgOFF = 0
 Turn debugging off (initial default).
 
static const int dbgOUT = 8
 Force msgs to stderr for easier client debug.
 
static const int dbgSIO = 4
 Turn debugging on for socket I/O.
 
static const int dbgSOK = 2
 Turn debugging on for socket operations.
 

Detailed Description

Definition at line 36 of file XrdTls.hh.

Member Typedef Documentation

◆ msgCB_t

typedef void(* XrdTls::msgCB_t) (const char *tid, const char *msg, bool sslmsg)

Set the message callback.

Parameters
cbP - Pointer to the message callback function. If nil, messages are sent to stderr. This is a global setting.
Note
You should establish a callback once in the main thread.

Definition at line 87 of file XrdTls.hh.

Member Enumeration Documentation

◆ RC

enum XrdTls::RC
Enumerator
TLS_AOK 

All went well, will always be zero.

TLS_CON_Closed 

TLS connection has been closed.

TLS_CRT_Missing 

The x509 certificate is missing.

TLS_CTX_Missing 

The TLS context is missing.

TLS_HNV_Error 

A hostname validation error occurred.

TLS_SSL_Error 

An SSL error occurred.

TLS_SYS_Error 

A system call error occurred.

TLS_UNK_Error 

An unknown error occurred.

TLS_VER_Error 

Certificate verification failed.

TLS_WantAccept 

Reissue call when Accept() completes.

TLS_WantConnect 

Reissue call when Connect() completes.

TLS_WantRead 

Reissue call when reads do not block.

TLS_WantWrite 

Reissue call when writes do not block.

Definition at line 40 of file XrdTls.hh.

enum RC {TLS_AOK = 0,      // All went well, will always be zero.
         TLS_CON_Closed,   // TLS connection has been closed.
         TLS_CRT_Missing,  // The x509 certificate is missing.
         TLS_CTX_Missing,  // The TLS context is missing.
         TLS_HNV_Error,    // A hostname validation error occurred.
         TLS_SSL_Error,    // An SSL error occurred.
         TLS_SYS_Error,    // A system call error occurred.
         TLS_UNK_Error,    // An unknown error occurred.
         TLS_VER_Error,    // Certificate verification failed.
         TLS_WantAccept,   // Reissue call when Accept() completes.
         TLS_WantConnect,  // Reissue call when Connect() completes.
         TLS_WantRead,     // Reissue call when reads do not block.
         TLS_WantWrite     // Reissue call when writes do not block.
        };

Member Function Documentation

◆ ClearErrorQueue()

void XrdTls::ClearErrorQueue ( )
static

Clear the SSL error queue for the calling thread.

Definition at line 265 of file XrdTls.cc.

{
   ERR_clear_error();
}

Referenced by XrdCl::Tls::ClearErrorQueue(), and XrdXrootdProtocol::Process2().


◆ Emsg()

void XrdTls::Emsg ( const char *  tid,
const char *  msg = 0,
bool  flush = true 
)
static

Route an optional error message and flush outstanding messages.

Parameters
tid - Optional trace identifier.
msg - An optional message.
flush - If true, prints all outstanding ssl messages. Otherwise, it clears all outstanding ssl messages.

Definition at line 104 of file XrdTls.cc.

{

// Setup the trace ID
//
   if (!tid) tid = "TLS";

// Print passed in error, if any
//
   if (msg)
      {msgCB(tid, msg, false);
       if (echoMsg && msgCB != ToStdErr) ToStdErr(tid, msg, false);
      }

// Flush all openssl errors if so wanted
//
   if (flush) ERR_print_errors_cb(ssl_msg_CB, (void *)tid);
}

References XrdSsi::msgCB.

Referenced by XrdTlsCrl::Refresh(), XrdTlsContext::SetCrlRefresh(), XrdTlsFlush::Setup_Flusher(), and XrdTlsSocket::Shutdown().


◆ RC2Text()

std::string XrdTls::RC2Text ( XrdTls::RC  rc,
bool  dbg = false 
)
static

Convert TLS RC code to a reason string.

Parameters
rc- The TLS return code.
dbg - True to include additional identifying text. Otherwise, a concise message describing the error is returned.
Returns
A string describing the error.

Definition at line 127 of file XrdTls.cc.

{
   switch(rc)
         {case TLS_CON_Closed:
               return std::string("connection closed");
               break;
          case TLS_CRT_Missing:
               return std::string("x509 certificate is missing");
               break;
          case TLS_CTX_Missing:
               return std::string("context is missing");
               break;
          case TLS_HNV_Error:
               return std::string("host name verification failed");
               break;
          case TLS_SSL_Error:
               return std::string("TLS fatal error");
               break;
          case TLS_SYS_Error:
               if (errno == 0) return std::string("socket error");
               return std::string( XrdSysE2T(errno));
               break;
          case TLS_UNK_Error:
               return std::string("unknown error occurred, sorry!");
               break;
          case TLS_VER_Error:
               return std::string("x509 certificate verification failed");
               break;
          case TLS_WantAccept:
               return std::string("unhandled TLS accept");
               break;
          case TLS_WantConnect:
               return std::string("unhandled TLS connect");
               break;
          case TLS_WantRead:
               return std::string("unhandled TLS read want");
               break;
          case TLS_WantWrite:
               return std::string("unhandled TLS write want");
               break;

          default: break;
         }
   return std::string("unfathomable error occurred!");
}

References TLS_CON_Closed, TLS_CRT_Missing, TLS_CTX_Missing, TLS_HNV_Error, TLS_SSL_Error, TLS_SYS_Error, TLS_UNK_Error, TLS_VER_Error, TLS_WantAccept, TLS_WantConnect, TLS_WantRead, TLS_WantWrite, and XrdSysE2T().

Referenced by XrdLinkXeq::TLS_Error().


◆ SetDebug() [1/2]

void XrdTls::SetDebug ( int  opts,
XrdTls::msgCB_t  cbP 
)
static

Definition at line 186 of file XrdTls.cc.

187 {
190 }

References opts, XrdSysTrace::SetLogger(), XrdTlsGlobal::SysTrace, and XrdSysTrace::What.


◆ SetDebug() [2/2]

void XrdTls::SetDebug ( int  opts,
XrdSysLogger *  logP = 0 
)
static

Definition at line 177 of file XrdTls.cc.

178 {
181  echoMsg = (opts & dbgOUT) != 0;
182 }

References dbgOUT, opts, XrdSysTrace::SetLogger(), XrdTlsGlobal::SysTrace, and XrdSysTrace::What.

Referenced by XrdTlsContext::XrdTlsContext().


◆ SetMsgCB()

void XrdTls::SetMsgCB ( XrdTls::msgCB_t  cbP)
static

Definition at line 196 of file XrdTls.cc.

{
   msgCB = (cbP ? cbP : ToStdErr);
}

References XrdSsi::msgCB.

◆ ssl2RC()

XrdTls::RC XrdTls::ssl2RC ( int  sslrc)
static

Convert SSL error to TLS::RC code.

Parameters
sslrc- the SSL error return code.
Returns
The corresponding TLS::RC code.

Definition at line 205 of file XrdTls.cc.

{
// Convert SSL error code to the TLS one
//
   switch(sslrc)
         {case SSL_ERROR_NONE:         return TLS_AOK;
               break;
          case SSL_ERROR_ZERO_RETURN:  return TLS_CON_Closed;
               break;
          case SSL_ERROR_WANT_READ:    return TLS_WantRead;
               break;
          case SSL_ERROR_WANT_WRITE:   return TLS_WantWrite;
               break;
          case SSL_ERROR_WANT_ACCEPT:  return TLS_WantAccept;
               break;
          case SSL_ERROR_WANT_CONNECT: return TLS_WantConnect;
               break;
          case SSL_ERROR_SYSCALL:      return TLS_SYS_Error;
               break;
          case SSL_ERROR_SSL:          return TLS_SSL_Error;
               break;
          default: break;
         }
   return TLS_UNK_Error;
}

References TLS_AOK, TLS_CON_Closed, TLS_SSL_Error, TLS_SYS_Error, TLS_UNK_Error, TLS_WantAccept, TLS_WantConnect, TLS_WantRead, and TLS_WantWrite.

Referenced by XrdTlsSocket::Accept(), XrdTlsSocket::Connect(), XrdTlsSocket::Peek(), XrdTlsSocket::Read(), and XrdTlsSocket::Write().
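
The following is an added example, not code from XRootD: one way a caller of the socket methods listed above could act on the returned RC, reissuing only on the four "want" codes and dropping the connection on everything else, including TLS_VER_Error and TLS_HNV_Error. The enum is a local mirror of the enumerators on this page so the block builds without the XRootD headers; Action, nextAction(), Outcome, drive() and the retry budget are hypothetical names and policy.

```cpp
#include <cstddef>
#include <vector>

// Local mirror of the XrdTls::RC enumerators listed on this page, so the
// example builds without XRootD headers; real callers use XrdTls::RC.
enum RC { TLS_AOK = 0, TLS_CON_Closed, TLS_CRT_Missing, TLS_CTX_Missing,
          TLS_HNV_Error, TLS_SSL_Error, TLS_SYS_Error, TLS_UNK_Error,
          TLS_VER_Error, TLS_WantAccept, TLS_WantConnect, TLS_WantRead,
          TLS_WantWrite };

// Hypothetical caller policy: what to do after a TLS call returns rc.
enum class Action { Done, WaitReadable, WaitWritable, WaitHandshake,
                    PeerClosed, FailClosed };

Action nextAction(RC rc) {
    switch (rc) {
        case TLS_AOK:         return Action::Done;
        case TLS_CON_Closed:  return Action::PeerClosed;
        case TLS_WantRead:    return Action::WaitReadable;
        case TLS_WantWrite:   return Action::WaitWritable;
        case TLS_WantAccept:
        case TLS_WantConnect: return Action::WaitHandshake;
        // Missing certificate or context, hostname or certificate
        // verification failure, SSL/system/unknown errors, and any value
        // outside the enum: never retried, the connection is dropped.
        default:              return Action::FailClosed;
    }
}

struct Outcome { Action last; std::size_t calls; };

// Replay a constructed sequence of return codes as if one TLS call were
// reissued after each "want" result. maxCalls bounds the reissues so a peer
// that never lets the call complete cannot keep the caller looping.
Outcome drive(const std::vector<RC>& results, std::size_t maxCalls) {
    std::size_t calls = 0;
    for (RC rc : results) {
        if (calls == maxCalls) break;
        ++calls;
        Action a = nextAction(rc);
        bool retryable = a == Action::WaitReadable ||
                         a == Action::WaitWritable ||
                         a == Action::WaitHandshake;
        if (!retryable) return {a, calls};   // Done, PeerClosed or FailClosed
    }
    return {Action::FailClosed, calls};      // budget or input exhausted
}
```

In a real event loop the three wait actions would re-arm the poller for the matching readiness event before the call is reissued; the replay here only shows which codes are allowed to reach that point.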


◆ ssl2Text()

const char * XrdTls::ssl2Text ( int  sslrc,
const char *  dflt = "unknown_error" 
)
static

Convert SSL error to text.

Parameters
sslrc - the SSL error return code.
dflt - the default to be returned when the mapping does not exist.
Returns
The corresponding text or the dflt string is returned.
Note
This is provided because some versions of OpenSSL do not provide a reasonable textual reason no matter what you use.

Definition at line 235 of file XrdTls.cc.

{
// Convert SSL error code to the TLS one
//
   switch(sslrc)
         {case SSL_ERROR_NONE:             return "error_none";
               break;
          case SSL_ERROR_ZERO_RETURN:      return "zero_return";
               break;
          case SSL_ERROR_WANT_READ:        return "want_read";
               break;
          case SSL_ERROR_WANT_WRITE:       return "want_write";
               break;
          case SSL_ERROR_WANT_ACCEPT:      return "want_accept";
               break;
          case SSL_ERROR_WANT_CONNECT:     return "want_connect";
               break;
          case SSL_ERROR_WANT_X509_LOOKUP: return "want_x509_lookup";
               break;
          case SSL_ERROR_SYSCALL:          return "error_syscall";
               break;
          case SSL_ERROR_SSL:              return "error_ssl";
               break;
          default:                         return dflt;
         }
}

Member Data Documentation

◆ dbgALL

const int XrdTls::dbgALL = 7
static

Turn debugging on for everything.

Definition at line 103 of file XrdTls.hh.

Referenced by XrdTlsContext::XrdTlsContext().

◆ dbgCTX

const int XrdTls::dbgCTX = 1
static

Turn debugging on for context operations.

Definition at line 100 of file XrdTls.hh.

Referenced by XrdTlsContext::XrdTlsContext(), and XrdTlsFlush::Flusher().

◆ dbgOFF

const int XrdTls::dbgOFF = 0
static

Turn debugging off (initial default).

Set debugging on or off.

Parameters
opts - One or more of the options below.
logP - Pointer to XrdSysLogger or the message callback (see above) to route messages. If nil, messages are routed to stderr.

Definition at line 99 of file XrdTls.hh.

◆ dbgOUT

const int XrdTls::dbgOUT = 8
static

Force msgs to stderr for easier client debug.

Definition at line 104 of file XrdTls.hh.

Referenced by XrdTlsContext::XrdTlsContext(), and SetDebug().

◆ dbgSIO

const int XrdTls::dbgSIO = 4
static

Turn debugging on for socket I/O.

Definition at line 102 of file XrdTls.hh.

Referenced by XrdTlsContext::XrdTlsContext(), XrdTlsSocket::Peek(), XrdTlsSocket::Read(), and XrdTlsSocket::Write().

◆ dbgSOK

const int XrdTls::dbgSOK = 2
static

Turn debugging on for socket operations.

Definition at line 101 of file XrdTls.hh.

Referenced by XrdTlsContext::XrdTlsContext(), XrdTlsSocket::Accept(), and XrdTlsSocket::Connect().


The documentation for this class was generated from the following files: