From 122491e1cbf3e4a05e48fa706c1c4cf930893942 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Cervi=C3=B1o?=
Date: Tue, 10 Dec 2019 16:53:43 +0100
Subject: [PATCH 1/2] Better handling of SSL errors in DTLS
---
 erizo/src/erizo/dtls/DtlsSocket.cpp | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/erizo/src/erizo/dtls/DtlsSocket.cpp b/erizo/src/erizo/dtls/DtlsSocket.cpp
index 2d8ddd6fe8..71e573fa0d 100644
--- a/erizo/src/erizo/dtls/DtlsSocket.cpp
+++ b/erizo/src/erizo/dtls/DtlsSocket.cpp
@@ -120,15 +120,11 @@ void DtlsSocket::forceRetransmit() {
 void DtlsSocket::doHandshakeIteration() {
 boost::mutex::scoped_lock lock(handshakeMutex_);
- char errbuf[1024];
 int sslerr;
- if (mHandshakeCompleted)
- return;
-
- int r = SSL_do_handshake(mSsl);
- errbuf[0] = 0;
- ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf));
+ if (mHandshakeCompleted) {
+ return;
+ }
 // See what was written
 unsigned char *outBioData;
@@ -138,6 +134,8 @@ void DtlsSocket::doHandshakeIteration() {
 outBioLen, DTLS_MTU);
 }
+ int r = SSL_do_handshake(mSsl);
+
 // Now handle handshake errors */
 switch (sslerr = SSL_get_error(mSsl, r)) {
 case SSL_ERROR_NONE:
@@ -148,8 +146,11 @@ void DtlsSocket::doHandshakeIteration() {
 break;
 default:
 ELOG_ERROR("SSL error %d", sslerr);
+ char error_string_buffer[1024];
+
+ ERR_error_string_n(sslerr, error_string_buffer, sizeof(error_string_buffer));
- mSocketContext->handshakeFailed(errbuf);
+ mSocketContext->handshakeFailed(error_string_buffer);
 // Note: need to fall through to propagate alerts, if any
 break;
 }
From cd821e3c6c0cc953d78584dcd3e51de923aa7f70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20Cervi=C3=B1o?=
Date: Tue, 10 Dec 2019 16:56:31 +0100
Subject: [PATCH 2/2] Fix last commit
---
 erizo/src/erizo/dtls/DtlsSocket.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/erizo/src/erizo/dtls/DtlsSocket.cpp b/erizo/src/erizo/dtls/DtlsSocket.cpp
index 71e573fa0d..86418db51d 100644
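Review bot: In the third hunk, `ERR_error_string_n(sslerr, …)` is handed the `SSL_get_error()` result, but that function expects a packed code from the OpenSSL error queue (what `ERR_get_error()`/`ERR_peek_error()` return), so the string passed to `handshakeFailed` describes a small integer such as 1 or 5 rather than the real failure, and the real entry stays in the thread's error queue; the removed line read from the right source (`ERR_peek_error()`), only before the handshake step ran. The same call survives in PATCH 2/2's last hunk as `ERR_error_string_n(ssl_error_code, …)`. Take the code from the queue after `SSL_do_handshake` has reported the error — `unsigned long queued_error = ERR_get_error();` followed by `ERR_error_string_n(queued_error, error_string_buffer, sizeof(error_string_buffer));` — and, because the queue can hold several entries, consider draining it in a loop so a stale entry does not surface on a later handshake; on `SSL_ERROR_SYSCALL` the queue may be empty and `errno` holds the detail. Declaring `error_string_buffer` under the `default:` label compiles because no later label jumps past it, but wrapping the branch in braces would make that explicit.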
--- a/erizo/src/erizo/dtls/DtlsSocket.cpp
+++ b/erizo/src/erizo/dtls/DtlsSocket.cpp
@@ -120,12 +120,14 @@ void DtlsSocket::forceRetransmit() {
 void DtlsSocket::doHandshakeIteration() {
 boost::mutex::scoped_lock lock(handshakeMutex_);
- int sslerr;
+ int ssl_error_code;
 if (mHandshakeCompleted) {
 return;
 }
+ int return_value = SSL_do_handshake(mSsl);
+
 // See what was written
 unsigned char *outBioData;
 int outBioLen = BIO_get_mem_data(mOutBio, &outBioData);
@@ -134,10 +136,8 @@ void DtlsSocket::doHandshakeIteration() {
 outBioLen, DTLS_MTU);
 }
- int r = SSL_do_handshake(mSsl);
-
 // Now handle handshake errors */
- switch (sslerr = SSL_get_error(mSsl, r)) {
+ switch (ssl_error_code = SSL_get_error(mSsl, return_value)) {
 case SSL_ERROR_NONE:
 mHandshakeCompleted = true;
 mSocketContext->handshakeCompleted();
@@ -145,10 +145,10 @@ void DtlsSocket::doHandshakeIteration() {
 case SSL_ERROR_WANT_READ:
 break;
 default:
- ELOG_ERROR("SSL error %d", sslerr);
+ ELOG_ERROR("message: SSL error %d", ssl_error_code);
 char error_string_buffer[1024];
- ERR_error_string_n(sslerr, error_string_buffer, sizeof(error_string_buffer));
+ ERR_error_string_n(ssl_error_code, error_string_buffer, sizeof(error_string_buffer));
 mSocketContext->handshakeFailed(error_string_buffer);
 // Note: need to fall through to propagate alerts, if any
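Review bot: The new `int return_value = SSL_do_handshake(mSsl);` in the first hunk is placed before the `BIO_get_mem_data(mOutBio, &outBioData)` read on purpose — that ordering is the whole reason for this follow-up — but nothing in the code records it, so the next edit could move the call back below the MTU check as PATCH 1/2 did. Add a comment above the line such as `// Run the handshake step before inspecting mOutBio so the MTU check below sees what this iteration wrote.` The MTU comparison itself sits in the second hunk.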
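Review bot: In the second hunk, `ssl_error_code` is assigned inside the `switch` condition while its declaration is an uninitialized `int` at the top of the function (first hunk), which separates the variable from the only place it gets a value; prefer `const int ssl_error_code = SSL_get_error(mSsl, return_value);` followed by `switch (ssl_error_code) {` and drop the declaration from the first hunk. The stray `*/` in the `// Now handle handshake errors */` context line is pre-existing but worth removing while this block is being touched.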
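Review bot: In the third hunk, `ELOG_ERROR("message: SSL error %d", ssl_error_code);` is emitted before `error_string_buffer` is filled, so the log never carries the description that `handshakeFailed` receives and anyone diagnosing a failed DTLS handshake from the logs sees only a small integer. Move the log below the `ERR_error_string_n(...)` call and write `ELOG_ERROR("message: SSL error %d, description: %s", ssl_error_code, error_string_buffer);` so log and callback report the same detail. The `default:` branch and the function continue past the end of the hunk.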