   19 template <
typename Fun>
 
   31     const char *strCat = 
nullptr;
 
   40         strCat = 
"want-write";
 
   46     os << (strCat ? strCat : 
"unknown");
 
   93 template <
typename Fun>
 
   98     const auto fd = transport.
fd;
 
   99     auto connection = 
fd_table[fd].ssl.get();
 
  102     const auto callResult = ioCall(connection);
 
  103     const auto xerrno = errno;
 
  105     debugs(83, 5, callResult << 
'/' << xerrno << 
" for TLS connection " <<
 
  106            static_cast<void*
>(connection) << 
" over " << transport);
 
  112     const auto ioError = SSL_get_error(connection, callResult);
 
  117     case SSL_ERROR_WANT_READ:
 
  120     case SSL_ERROR_WANT_WRITE:
 
  132         errorDetail = 
new ErrorDetail(topError, ioError, xerrno);
 
  133         if (
const auto serverCert = SSL_get_peer_certificate(connection))
 
  134             errorDetail->setPeerCertificate(
CertPointer(serverCert));
 
  140     case SSL_ERROR_SYSCALL:
 
  141         if (callResult == 0) {
 
  142             ioResult.errorDescription = 
"peer aborted";
 
  144             ioResult.errorDescription = 
"system call failure";
 
  145             ioResult.important = (xerrno == ECONNRESET);
 
  149     case SSL_ERROR_ZERO_RETURN:
 
  151         ioResult.errorDescription = 
"peer closed";
 
  152         ioResult.important = 
true;
 
  157         ioResult.errorDescription = 
"failure";
 
  158         ioResult.important = 
true;
 
  164     if (callResult == GNUTLS_E_SUCCESS) {
 
  166         const auto desc = gnutls_session_get_desc(connection);
 
  167         debugs(83, 2, 
"TLS session info: " << desc);
 
  174     const auto descIn = gnutls_handshake_get_last_in(connection);
 
  175     debugs(83, 2, 
"handshake IN: " << gnutls_handshake_description_get_name(descIn));
 
  176     const auto descOut = gnutls_handshake_get_last_out(connection);
 
  177     debugs(83, 2, 
"handshake OUT: " << gnutls_handshake_description_get_name(descOut));
 
  179     if (callResult == GNUTLS_E_WARNING_ALERT_RECEIVED) {
 
  180         const auto alert = gnutls_alert_get(connection);
 
  185     if (!gnutls_error_is_fatal(callResult)) {
 
  186         const auto reading = gnutls_record_get_direction(connection) == 0;
 
  195     ioResult.errorDescription = 
"failure";
 
  202            "Unexpected TLS I/O in Squid built without a TLS/SSL library");
 
  215         return SSL_accept(tlsConn);
 
  217         return gnutls_handshake(tlsConn);
 
  219         return sizeof(tlsConn); 
 
  230         return SSL_connect(tlsConn);
 
  232         return gnutls_handshake(tlsConn);
 
  234         return sizeof(tlsConn); 
 
  
int ErrorCode
Squid-defined error code (<0), an error code returned by X.509 API, or zero.
void printDescription(std::ostream &) const
common part of printGist() and printWithExtras()
void printWithExtras(std::ostream &) const
Security::LockingPointer< X509, X509_free_cpp, HardFun< int, X509 *, X509_up_ref > > CertPointer
std::ostream & ForceAlert(std::ostream &s)
a summary of a TLS I/O operation outcome
void printGist(std::ostream &) const
reports brief summary (on one line) suitable for low-level debugging
SessionPointer::element_type * ConnectionPointer
Category category
primary outcome classification
void ForgetErrors()
clear any errors that a TLS library has accumulated in its global storage
static IoResult Handshake(Comm::Connection &, ErrorCode, Fun)
static std::ostream & Extra(std::ostream &)
@ SQUID_TLS_ERR_CONNECT
failure to establish a connection with a TLS server
const char * errorDescription
a brief description of an error
IoResult Connect(Comm::Connection &transport)
establish a TLS connection over the specified from-Squid transport connection
void ForgetErrors()
Clear any errors accumulated by OpenSSL in its global storage, so that a later SSL_get_error() call does not report a stale error left by an earlier operation.
@ SQUID_TLS_ERR_ACCEPT
failure to accept a connection from a TLS client
IoResult Accept(Comm::Connection &transport)
accept a TLS connection over the specified to-Squid transport connection
interface for supplying additional information about a transaction failure
Network/connection security abstraction layer.
#define debugs(SECTION, LEVEL, CONTENT)
int ssl_ex_index_ssl_error_detail