diff options
Diffstat (limited to 'src/libserver')
-rw-r--r-- | src/libserver/http/http_connection.c | 31 | ||||
-rw-r--r-- | src/libserver/ssl_util.c | 19 |
2 files changed, 28 insertions, 22 deletions
diff --git a/src/libserver/http/http_connection.c b/src/libserver/http/http_connection.c index 050fb4285..bf4d07b72 100644 --- a/src/libserver/http/http_connection.c +++ b/src/libserver/http/http_connection.c @@ -820,7 +820,7 @@ rspamd_http_write_helper (struct rspamd_http_connection *conn) if (r == -1) { if (!priv->ssl) { - err = g_error_new (HTTP_ERROR, errno, "IO write error: %s", strerror (errno)); + err = g_error_new (HTTP_ERROR, 500, "IO write error: %s", strerror (errno)); rspamd_http_connection_ref (conn); conn->error_handler (conn, err); rspamd_http_connection_unref (conn); @@ -970,9 +970,16 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) return; } else { - err = g_error_new (HTTP_ERROR, 500 + priv->parser.http_errno, - "HTTP parser error: %s", - http_errno_description (priv->parser.http_errno)); + if (priv->parser.http_errno > HPE_CB_status) { + err = g_error_new (HTTP_ERROR, 400, + "HTTP parser error: %s", + http_errno_description (priv->parser.http_errno)); + } + else { + err = g_error_new (HTTP_ERROR, 500, + "HTTP parser internal error: %s", + http_errno_description (priv->parser.http_errno)); + } } if (!conn->finished) { @@ -996,7 +1003,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) if (!conn->finished) { err = g_error_new (HTTP_ERROR, - errno, + 400, "IO read error: unexpected EOF"); conn->error_handler (conn, err); g_error_free (err); @@ -1009,8 +1016,8 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) else { if (!priv->ssl) { err = g_error_new (HTTP_ERROR, - errno, - "IO read error: %s", + 500, + "HTTP IO read error: %s", strerror (errno)); conn->error_handler (conn, err); g_error_free (err); @@ -1029,7 +1036,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) if (r > 0) { if (http_parser_execute (&priv->parser, &priv->parser_cb, d, r) != (size_t)r || priv->parser.http_errno != 0) { - err = g_error_new (HTTP_ERROR, priv->parser.http_errno, + err = g_error_new (HTTP_ERROR, 400, "HTTP parser error: %s", http_errno_description (priv->parser.http_errno)); @@ -1050,7 +1057,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) } else if (r == 0) { if (!conn->finished) { - err = g_error_new (HTTP_ERROR, ETIMEDOUT, + err = g_error_new (HTTP_ERROR, 408, "IO timeout"); conn->error_handler (conn, err); g_error_free (err); @@ -1062,7 +1069,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud) return; } else { - err = g_error_new (HTTP_ERROR, ETIMEDOUT, + err = g_error_new (HTTP_ERROR, 408, "IO timeout"); conn->error_handler (conn, err); g_error_free (err); @@ -2258,7 +2265,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx; if (!ssl_ctx) { - err = g_error_new (HTTP_ERROR, errno, "ssl message requested " + err = g_error_new (HTTP_ERROR, 400, "ssl message requested " "with no ssl ctx"); rspamd_http_connection_ref (conn); conn->error_handler (conn, err); @@ -2281,7 +2288,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn priv->timeout, rspamd_http_event_handler, rspamd_http_ssl_err_handler, conn)) { - err = g_error_new (HTTP_ERROR, errno, + err = g_error_new (HTTP_ERROR, 400, "ssl connection error: ssl error=%s, errno=%s", ERR_error_string (ERR_get_error (), NULL), strerror (errno)); diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c index c01f7467f..b9fb175e5 100644 --- a/src/libserver/ssl_util.c +++ b/src/libserver/ssl_util.c @@ -356,7 +356,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c) ver_err = SSL_get_verify_result (c->ssl); if (ver_err != X509_V_OK) { - g_set_error (&err, rspamd_ssl_quark (), ver_err, "certificate validation " + g_set_error (&err, rspamd_ssl_quark (), 400, "certificate validation " "failed: %s", X509_verify_cert_error_string (ver_err)); c->err_handler (c->handler_data, err); g_error_free (err); @@ -367,7 +367,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c) /* Get server's certificate */ server_cert = SSL_get_peer_certificate (c->ssl); if (server_cert == NULL) { - g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate is absent"); + g_set_error (&err, rspamd_ssl_quark (), 401, "peer certificate is absent"); c->err_handler (c->handler_data, err); g_error_free (err); @@ -377,7 +377,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c) if (c->hostname) { if (!rspamd_tls_check_name (server_cert, c->hostname)) { X509_free (server_cert); - g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails " + g_set_error (&err, rspamd_ssl_quark (), 403, "peer certificate fails " "hostname verification for %s", c->hostname); c->err_handler (c->handler_data, err); g_error_free (err); @@ -396,22 +396,21 @@ rspamd_tls_set_error (gint retcode, const gchar *stage, GError **err) { GString *reason; gchar buf[120]; - gint err_code = 0, last_err = 0; + gint err_code = 0; reason = g_string_sized_new (sizeof (buf)); if (retcode == SSL_ERROR_SYSCALL) { rspamd_printf_gstring (reason, "syscall fail: %s", strerror (errno)); - err_code = errno; + err_code = 500; } else { while ((err_code = ERR_get_error()) != 0) { - last_err = err_code; ERR_error_string (err_code, buf); rspamd_printf_gstring (reason, "ssl error: %s,", buf); } - err_code = last_err; + err_code = 400; if (reason->len > 0 && reason->str[reason->len - 1] == ',') { reason->str[reason->len - 1] = '\0'; @@ -544,7 +543,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud) else { conn->shut = ssl_shut_unclean; rspamd_ev_watcher_stop (conn->event_loop, conn->ev); - g_set_error (&err, rspamd_ssl_quark (), ETIMEDOUT, + g_set_error (&err, rspamd_ssl_quark (), 408, "ssl connection timed out"); conn->err_handler (conn->handler_data, err); g_error_free (err); @@ -616,7 +615,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud) break; default: rspamd_ev_watcher_stop (conn->event_loop, conn->ev); - g_set_error (&err, rspamd_ssl_quark (), EINVAL, + g_set_error (&err, rspamd_ssl_quark (), 500, "ssl bad state error: %d", conn->state); conn->err_handler (conn->handler_data, err); g_error_free (err); @@ -760,7 +759,7 @@ rspamd_ssl_read (struct rspamd_ssl_connection *conn, gpointer buf, if (conn->state != ssl_conn_connected && conn->state != ssl_next_read) { errno = EINVAL; - g_set_error (&err, rspamd_ssl_quark (), ECONNRESET, + g_set_error (&err, rspamd_ssl_quark (), 400, "ssl state error: cannot read data"); conn->shut = ssl_shut_unclean; conn->err_handler (conn->handler_data, err); |