author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-01-03 16:08:37 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-01-03 16:38:11 +0000 |
commit | ef2e5890df09193717f9d345ffaaa406e2d8aae7 (patch) | |
tree | edc137cccf5d14c4c0b0f2ce34d95de99f18147b /src | |
parent | 299efa252e69a2bbf49cce670afa893663df9610 (diff) |
TLS: event for daemon accept fail
Diffstat (limited to 'src')
-rw-r--r-- | src/src/smtp_in.c | 4 | ||||
-rw-r--r-- | src/src/tls-gnu.c | 5 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 6 |
3 files changed, 12 insertions, 3 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 5de861216..a48fac605 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -2442,9 +2442,9 @@ return done - 2; /* Convert yield values */ #ifndef DISABLE_TLS static BOOL -smtp_log_tls_fail(uschar * errstr) +smtp_log_tls_fail(const uschar * errstr) { -uschar * conn_info = smtp_get_connection_info(); +const uschar * conn_info = smtp_get_connection_info(); if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5; /* I'd like to get separated H= here, but too hard for now */ diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index c5a9ad096..4f1039903 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -3043,6 +3043,9 @@ ALARM_CLR(0); if (rc != GNUTLS_E_SUCCESS) { + DEBUG(D_tls) debug_printf(" error %d from gnutls_handshake: %s\n", + rc, gnutls_strerror(rc)); + /* It seems that, except in the case of a timeout, we have to close the connection right here; otherwise if the other end is running OpenSSL it hangs until the server times out. */ @@ -3050,11 +3053,13 @@ if (rc != GNUTLS_E_SUCCESS) if (sigalrm_seen) { tls_error(US"gnutls_handshake", US"timed out", NULL, errstr); + (void) event_raise(event_action, US"tls:fail:connect", *errstr); gnutls_db_remove_session(state->session); } else { tls_error_gnu(state, US"gnutls_handshake", rc, errstr); + (void) event_raise(event_action, US"tls:fail:connect", *errstr); (void) gnutls_alert_send_appropriate(state->session, rc); gnutls_deinit(state->session); gnutls_certificate_free_credentials(state->lib_state.x509_cred); diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 627be433c..0c7772921 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c 
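Review bot: The two `(void) event_raise(event_action, US"tls:fail:connect", *errstr);` calls added in the second tls-gnu.c hunk (timeout and non-timeout branches) have no event-support guard around them, and the same applies to the four calls added in tls-openssl.c. The definition of event_raise is outside this diff; if it is compiled only when events are enabled, a build with events disabled would break here, so each call probably needs `#ifndef DISABLE_EVENT` … `#endif` around it. In the non-timeout branch the event is also raised before `gnutls_alert_send_appropriate()` and the teardown that the existing comment says must happen right away, so a slow event action would delay the close; raising it after the alert is sent is worth considering. The enclosing function starts and ends outside the hunk.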
@@ -3311,6 +3311,7 @@ if (rc <= 0) case SSL_ERROR_ZERO_RETURN: DEBUG(D_tls) debug_printf("Got SSL_ERROR_ZERO_RETURN\n"); (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : NULL, errstr); + (void) event_raise(event_action, US"tls:fail:connect", *errstr); if (SSL_get_shutdown(ssl) == SSL_RECEIVED_SHUTDOWN) SSL_shutdown(ssl); @@ -3328,8 +3329,9 @@ if (rc <= 0) || r == SSL_R_VERSION_TOO_LOW #endif || r == SSL_R_UNKNOWN_PROTOCOL || r == SSL_R_UNSUPPORTED_PROTOCOL) - s = string_sprintf("%s (%s)", s, SSL_get_version(ssl)); + s = string_sprintf("(%s)", SSL_get_version(ssl)); (void) tls_error(US"SSL_accept", NULL, sigalrm_seen ? US"timed out" : s, errstr); + (void) event_raise(event_action, US"tls:fail:connect", *errstr); return FAIL; } @@ -3340,6 +3342,7 @@ if (rc <= 0) if (!errno) { *errstr = US"SSL_accept: TCP connection closed by peer"; + (void) event_raise(event_action, US"tls:fail:connect", *errstr); return FAIL; } DEBUG(D_tls) debug_printf(" - syscall %s\n", strerror(errno)); @@ -3348,6 +3351,7 @@ if (rc <= 0) sigalrm_seen ? US"timed out" : ERR_peek_error() ? NULL : string_sprintf("ret %d", error), errstr); + (void) event_raise(event_action, US"tls:fail:connect", *errstr); return FAIL; } } |
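Review bot: `tls:fail:connect` is raised by hand next to each error-string assignment in these four tls-openssl.c hunks, so any failure exit of the `if (rc <= 0)` block that is not shown here would produce no event. That would leave a gap for anyone monitoring failed handshakes through this event. The switch continues outside the hunks, so this cannot be confirmed from the diff alone. A comment at the top of the block such as `/* every failure return below must raise tls:fail:connect */` would keep later branches consistent; a single raise at a common exit would achieve the same.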
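Review bot: In the second tls-openssl.c hunk, `s` is now built by `string_sprintf("(%s)", SSL_get_version(ssl))` and no longer includes its previous contents, so on a protocol-version mismatch the message passed to tls_error() is only the version string. Whether the OpenSSL reason text still reaches the log and the event data depends on the initial value of `s` and on how tls_error() treats a non-NULL message, both outside the hunk. If the reason is dropped, rejected legacy-protocol clients become harder to tell apart from other accept failures. A comment on that line such as `/* version mismatch: message is the protocol version only */` would make the intended output explicit.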