|
1 | 1 | use log::log_enabled; |
2 | | -use openssl::ssl::{Ssl, SslContextBuilder, SslFiletype, SslMethod}; |
| 2 | +use openssl::ssl::{ErrorCode, Ssl, SslContextBuilder, SslFiletype, SslMethod}; |
3 | 3 | use simplelog::*; |
4 | 4 | use std::collections::VecDeque; |
5 | 5 | use std::fmt; |
@@ -501,6 +501,21 @@ pub async fn endpoint_reader<A: Endpoint<A>>(device: Rc<A>, tx: Sender<Packet>) |
501 | 501 | } |
502 | 502 | } |
503 | 503 |
|
| 504 | +/// checking if there was a true fatal SSL error |
| 505 | +/// Note that the error may not be fatal. For example if the underlying |
| 506 | +/// stream is an asynchronous one then `HandshakeError::WouldBlock` may |
| 507 | +/// just mean to wait for more I/O to happen later. |
| 508 | +fn ssl_check_failure<T>(res: std::result::Result<T, openssl::ssl::Error>) -> Result<()> { |
| 509 | + if let Err(err) = res { |
| 510 | + match err.code() { |
| 511 | + ErrorCode::WANT_READ | ErrorCode::WANT_WRITE | ErrorCode::SYSCALL => Ok(()), |
| 512 | + _ => return Err(Box::new(err)), |
| 513 | + } |
| 514 | + } else { |
| 515 | + Ok(()) |
| 516 | + } |
| 517 | +} |
| 518 | + |
504 | 519 | /// main thread doing all packet processing of an endpoint/device |
505 | 520 | pub async fn proxy<A: Endpoint<A> + 'static>( |
506 | 521 | proxy_type: ProxyType, |
@@ -572,7 +587,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>( |
572 | 587 | let pkt = rxr.recv().await.ok_or("reader channel hung up")?; |
573 | 588 | let _ = pkt_debug(proxy_type, HexdumpLevel::RawInput, hex_requested, &pkt).await; |
574 | 589 | pkt.ssl_decapsulate_write(&mut mem_buf).await?; |
575 | | - let _ = server.accept(); |
| 590 | + ssl_check_failure(server.accept())?; |
576 | 591 | info!( |
577 | 592 | "{} 🔒 stage #{} of {}: SSL handshake: {}", |
578 | 593 | get_name(proxy_type), |
@@ -612,7 +627,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>( |
612 | 627 | // doing SSL handshake |
613 | 628 | const STEPS: u8 = 3; |
614 | 629 | for i in 1..=STEPS { |
615 | | - let _ = server.do_handshake(); |
| 630 | + ssl_check_failure(server.do_handshake())?; |
616 | 631 | info!( |
617 | 632 | "{} 🔒 stage #{} of {}: SSL handshake: {}", |
618 | 633 | get_name(proxy_type), |
|
0 commit comments