|
1 | 1 | use log::log_enabled;
|
2 |
| -use openssl::ssl::{Ssl, SslContextBuilder, SslFiletype, SslMethod}; |
| 2 | +use openssl::ssl::{ErrorCode, Ssl, SslContextBuilder, SslFiletype, SslMethod}; |
3 | 3 | use simplelog::*;
|
4 | 4 | use std::collections::VecDeque;
|
5 | 5 | use std::fmt;
|
@@ -501,6 +501,21 @@ pub async fn endpoint_reader<A: Endpoint<A>>(device: Rc<A>, tx: Sender<Packet>)
|
501 | 501 | }
|
502 | 502 | }
|
503 | 503 |
|
| 504 | +/// checking if there was a true fatal SSL error |
| 505 | +/// Note that the error may not be fatal. For example if the underlying |
| 506 | +/// stream is an asynchronous one then `HandshakeError::WouldBlock` may |
| 507 | +/// just mean to wait for more I/O to happen later. |
| 508 | +fn ssl_check_failure<T>(res: std::result::Result<T, openssl::ssl::Error>) -> Result<()> { |
| 509 | + if let Err(err) = res { |
| 510 | + match err.code() { |
| 511 | + ErrorCode::WANT_READ | ErrorCode::WANT_WRITE | ErrorCode::SYSCALL => Ok(()), |
| 512 | + _ => return Err(Box::new(err)), |
| 513 | + } |
| 514 | + } else { |
| 515 | + Ok(()) |
| 516 | + } |
| 517 | +} |
| 518 | + |
504 | 519 | /// main thread doing all packet processing of an endpoint/device
|
505 | 520 | pub async fn proxy<A: Endpoint<A> + 'static>(
|
506 | 521 | proxy_type: ProxyType,
|
@@ -572,7 +587,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>(
|
572 | 587 | let pkt = rxr.recv().await.ok_or("reader channel hung up")?;
|
573 | 588 | let _ = pkt_debug(proxy_type, HexdumpLevel::RawInput, hex_requested, &pkt).await;
|
574 | 589 | pkt.ssl_decapsulate_write(&mut mem_buf).await?;
|
575 |
| - let _ = server.accept(); |
| 590 | + ssl_check_failure(server.accept())?; |
576 | 591 | info!(
|
577 | 592 | "{} 🔒 stage #{} of {}: SSL handshake: {}",
|
578 | 593 | get_name(proxy_type),
|
@@ -612,7 +627,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>(
|
612 | 627 | // doing SSL handshake
|
613 | 628 | const STEPS: u8 = 3;
|
614 | 629 | for i in 1..=STEPS {
|
615 |
| - let _ = server.do_handshake(); |
| 630 | + ssl_check_failure(server.do_handshake())?; |
616 | 631 | info!(
|
617 | 632 | "{} 🔒 stage #{} of {}: SSL handshake: {}",
|
618 | 633 | get_name(proxy_type),
|
|