
Commit a44796f

committedApr 30, 2025·
mitm: check for do_handshake() and accept() SSL errors
1 parent 749e030 commit a44796f


1 file changed

+18
-3
lines changed


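--- a/src/mitm.rs
+++ b/src/mitm.rs
@@ -1,5 +1,5 @@
 use log::log_enabled;
-use openssl::ssl::{Ssl, SslContextBuilder, SslFiletype, SslMethod};
+use openssl::ssl::{ErrorCode, Ssl, SslContextBuilder, SslFiletype, SslMethod};
 use simplelog::*;
 use std::collections::VecDeque;
 use std::fmt;
@@ -501,6 +501,21 @@ pub async fn endpoint_reader<A: Endpoint<A>>(device: Rc<A>, tx: Sender<Packet>)
 }
 }
 
+/// checking if there was a true fatal SSL error
+/// Note that the error may not be fatal. For example if the underlying
+/// stream is an asynchronous one then `HandshakeError::WouldBlock` may
+/// just mean to wait for more I/O to happen later.
+fn ssl_check_failure<T>(res: std::result::Result<T, openssl::ssl::Error>) -> Result<()> {
+if let Err(err) = res {
+match err.code() {
+ErrorCode::WANT_READ | ErrorCode::WANT_WRITE | ErrorCode::SYSCALL => Ok(()),
+_ => return Err(Box::new(err)),
+}
+} else {
+Ok(())
+}
+}
+
 /// main thread doing all packet processing of an endpoint/device
 pub async fn proxy<A: Endpoint<A> + 'static>(
 proxy_type: ProxyType,
@@ -572,7 +587,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>(
 let pkt = rxr.recv().await.ok_or("reader channel hung up")?;
 let _ = pkt_debug(proxy_type, HexdumpLevel::RawInput, hex_requested, &pkt).await;
 pkt.ssl_decapsulate_write(&mut mem_buf).await?;
-let _ = server.accept();
+ssl_check_failure(server.accept())?;
 info!(
 "{} 🔒 stage #{} of {}: SSL handshake: {}",
 get_name(proxy_type),
@@ -612,7 +627,7 @@ pub async fn proxy<A: Endpoint<A> + 'static>(
 // doing SSL handshake
 const STEPS: u8 = 3;
 for i in 1..=STEPS {
-let _ = server.do_handshake();
+ssl_check_failure(server.do_handshake())?;
 info!(
 "{} 🔒 stage #{} of {}: SSL handshake: {}",
 get_name(proxy_type),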
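Review bot: In `ssl_check_failure` (second hunk, new lines 508–516) `ErrorCode::SYSCALL` is treated as non-fatal alongside WANT_READ/WANT_WRITE, but SYSCALL is also the code under which rust-openssl reports a real `std::io::Error` from the underlying stream and, depending on the OpenSSL version, an unexpected EOF during the handshake, so a peer that drops mid-handshake would be taken as "wait for more I/O" and `proxy` would carry on logging the next handshake stage. If the intent is only to tolerate a non-blocking stream, narrow that arm to the WouldBlock case, e.g. `ErrorCode::SYSCALL if err.io_error().map(|e| e.kind()) == Some(std::io::ErrorKind::WouldBlock) => Ok(()),`, and let every other SYSCALL fall through to the `Err` arm. The doc comment refers to `HandshakeError::WouldBlock`, but the function takes an `openssl::ssl::Error`, so it should instead name the `ErrorCode` values it deliberately accepts and why. Minor style: `_ => return Err(Box::new(err))` is already the tail expression of the function, so the `return` is redundant.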
