
Merge branch 'v0.18'

Paul-Louis Ageneau 2 years ago
parent
commit
e28989a4c4
4 changed files with 34 additions and 22 deletions
  1. 4 6
      src/impl/dtlstransport.cpp
  2. 24 8
      src/impl/tls.cpp
  3. 1 1
      src/impl/tls.hpp
  4. 5 7
      src/impl/tlstransport.cpp

+ 4 - 6
src/impl/dtlstransport.cpp

@@ -738,7 +738,7 @@ DtlsTransport::DtlsTransport(shared_ptr<IceTransport> lower, certificate_ptr cer
 
 		SSL_CTX_set_min_proto_version(mCtx, DTLS1_VERSION);
 		SSL_CTX_set_read_ahead(mCtx, 1);
-		SSL_CTX_set_quiet_shutdown(mCtx, 0); // sent the dtls close_notify alert
+		SSL_CTX_set_quiet_shutdown(mCtx, 0); // send the close_notify alert
 		SSL_CTX_set_info_callback(mCtx, InfoCallback);
 
 		SSL_CTX_set_verify(mCtx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
@@ -956,6 +956,9 @@ void DtlsTransport::doRecv() {
 			}
 		}
 
+		std::lock_guard lock(mSslMutex);
+		SSL_shutdown(mSsl);
+
 	} catch (const std::exception &e) {
 		PLOG_ERROR << "DTLS recv: " << e.what();
 	}
@@ -968,11 +971,6 @@ void DtlsTransport::doRecv() {
 		PLOG_ERROR << "DTLS handshake failed";
 		changeState(State::Failed);
 	}
-
-	{
-		std::lock_guard lock(mSslMutex);
-		SSL_shutdown(mSsl);
-	}
 }
 
 void DtlsTransport::handleTimeout() {
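Review bot: The return value of the `SSL_shutdown(mSsl)` added after the recv loop in the second hunk is discarded, so a failed close_notify (return -1, which also leaves an entry in the error queue) goes unnoticed even though this commit turns quiet shutdown off precisely to send that alert. Since the call now sits inside the `try`, the cheapest fix is to check and log it, e.g. `if (SSL_shutdown(mSsl) < 0) PLOG_DEBUG << "DTLS shutdown: " << openssl::error_string(ERR_peek_last_error());` (error_string is the helper declared in tls.hpp; adjust the qualifier to whatever this file uses); a return of 0 only means our alert went out and the peer's has not arrived yet, which is the expected outcome here. Dropping the shutdown from the exception path looks intentional, since OpenSSL documents that SSL_shutdown() must not be called after a fatal error, but a one-line comment such as `// no SSL_shutdown() after a fatal error, see the OpenSSL docs` would keep the next reader from moving it back. doRecv() begins before the first hunk of this section.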

+ 24 - 8
src/impl/tls.cpp

@@ -163,32 +163,48 @@ void init() {
 	}
 }
 
-string error_string(unsigned long err) {
+string error_string(unsigned long error) {
 	const size_t bufferSize = 256;
 	char buffer[bufferSize];
-	ERR_error_string_n(err, buffer, bufferSize);
+	ERR_error_string_n(error, buffer, bufferSize);
 	return string(buffer);
 }
 
 bool check(int success, const string &message) {
-	if (success)
+	unsigned long last_error = ERR_peek_last_error();
+	ERR_clear_error();
+
+	if (success > 0)
 		return true;
 
-	string str = error_string(ERR_get_error());
-	throw std::runtime_error(message + ": " + str);
+	string str = message;
+	if (last_error != 0)
+		str += ": " + error_string(last_error);
+
+	throw std::runtime_error(str);
 }
 
 // Return false on EOF
 bool check(SSL *ssl, int ret, const string &message) {
-	unsigned long err = SSL_get_error(ssl, ret);
+	unsigned long last_error = ERR_peek_last_error();
+	ERR_clear_error();
+
+	int err = SSL_get_error(ssl, ret);
 	if (err == SSL_ERROR_NONE || err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) {
 		return true;
 	}
 	if (err == SSL_ERROR_ZERO_RETURN) {
 		return false;
 	}
-	string str = error_string(err);
-	throw std::runtime_error(message + ": " + str);
+
+	string str = message;
+	if (err == SSL_ERROR_SYSCALL) {
+		str += ": fatal I/O error";
+	} else if (err == SSL_ERROR_SSL) {
+		if (last_error != 0)
+			str += ": " + error_string(last_error);
+	}
+	throw std::runtime_error(str);
 }
 
 BIO *BIO_new_from_file(const string &filename) {
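Review bot: In the new `check(SSL *ssl, int ret, ...)`, `ERR_clear_error()` runs before `SSL_get_error(ssl, ret)`, which breaks the classification: SSL_get_error() distinguishes SSL_ERROR_SSL from SSL_ERROR_SYSCALL by inspecting the thread's error queue, and OpenSSL documents that no other OpenSSL call may sit between the I/O call and SSL_get_error(). With the queue already emptied, a protocol failure that should be SSL_ERROR_SSL is reported as the generic `fatal I/O error` with the real description lost, and if the SSL object's rwstate still indicates a pending read or write it can even come back as WANT_READ/WANT_WRITE and be accepted as success by this function. Reorder the three lines so classification happens first: `int err = SSL_get_error(ssl, ret);` then `unsigned long last_error = ERR_peek_last_error();` then `ERR_clear_error();`. The `check(int success, ...)` overload is unaffected because it never calls SSL_get_error().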

+ 1 - 1
src/impl/tls.hpp

@@ -82,7 +82,7 @@ std::shared_ptr<mbedtls_x509_crt> new_x509_crt();
 namespace rtc::openssl {
 
 void init();
-string error_string(unsigned long err);
+string error_string(unsigned long error);
 
 bool check(int success, const string &message = "OpenSSL error");
 bool check(SSL *ssl, int ret, const string &message = "OpenSSL error");

+ 5 - 7
src/impl/tlstransport.cpp

@@ -586,10 +586,10 @@ TlsTransport::TlsTransport(variant<shared_ptr<TcpTransport>, shared_ptr<HttpProx
 			}
 		}
 
-		SSL_CTX_set_options(mCtx, SSL_OP_NO_SSLv3);
+		SSL_CTX_set_options(mCtx, SSL_OP_NO_SSLv3 | SSL_OP_NO_RENEGOTIATION);
 		SSL_CTX_set_min_proto_version(mCtx, TLS1_VERSION);
 		SSL_CTX_set_read_ahead(mCtx, 1);
-		SSL_CTX_set_quiet_shutdown(mCtx, 1);
+		SSL_CTX_set_quiet_shutdown(mCtx, 0); // send the close_notify alert
 		SSL_CTX_set_info_callback(mCtx, InfoCallback);
 		SSL_CTX_set_verify(mCtx, SSL_VERIFY_NONE, NULL);
 
@@ -754,6 +754,9 @@ void TlsTransport::doRecv() {
 			}
 		}
 
+		std::lock_guard lock(mSslMutex);
+		SSL_shutdown(mSsl);
+
 	} catch (const std::exception &e) {
 		PLOG_ERROR << "TLS recv: " << e.what();
 	}
@@ -766,11 +769,6 @@ void TlsTransport::doRecv() {
 		PLOG_ERROR << "TLS handshake failed";
 		changeState(State::Failed);
 	}
-
-	{
-		std::lock_guard lock(mSslMutex);
-		SSL_shutdown(mSsl);
-	}
 }
 
 bool TlsTransport::flushOutput() {
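Review bot: Peer certificate verification is still disabled on this context (`SSL_CTX_set_verify(mCtx, SSL_VERIFY_NONE, NULL)`, two lines below the options changed in the first hunk), so the renegotiation and close_notify hardening added here still leaves the transport accepting any certificate an on-path attacker presents. If verification is deliberately left to a caller or an option that is not visible in this hunk, say so next to that line, e.g. `// NOTE: peer certificate is not verified here; <where it happens / why it is off>`; otherwise it should be `SSL_VERIFY_PEER` with a default trust store. Separately, `SSL_OP_NO_RENEGOTIATION` only exists from OpenSSL 1.1.0h onward as far as I recall, so if older releases remain a supported build target the new option needs an `#ifdef SSL_OP_NO_RENEGOTIATION` guard. The TlsTransport constructor starts before the first hunk, and the `SSL_shutdown(mSsl)` added in the second hunk ignores its return value, as in the DTLS counterpart.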