aboutsummaryrefslogtreecommitdiffstats
path: root/src/libserver
diff options
context:
space:
mode:
Diffstat (limited to 'src/libserver')
-rw-r--r--src/libserver/http/http_connection.c31
-rw-r--r--src/libserver/ssl_util.c19
2 files changed, 28 insertions, 22 deletions
diff --git a/src/libserver/http/http_connection.c b/src/libserver/http/http_connection.c
index 050fb4285..bf4d07b72 100644
--- a/src/libserver/http/http_connection.c
+++ b/src/libserver/http/http_connection.c
@@ -820,7 +820,7 @@ rspamd_http_write_helper (struct rspamd_http_connection *conn)
if (r == -1) {
if (!priv->ssl) {
- err = g_error_new (HTTP_ERROR, errno, "IO write error: %s", strerror (errno));
+ err = g_error_new (HTTP_ERROR, 500, "IO write error: %s", strerror (errno));
rspamd_http_connection_ref (conn);
conn->error_handler (conn, err);
rspamd_http_connection_unref (conn);
@@ -970,9 +970,16 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
return;
}
else {
- err = g_error_new (HTTP_ERROR, 500 + priv->parser.http_errno,
- "HTTP parser error: %s",
- http_errno_description (priv->parser.http_errno));
+ if (priv->parser.http_errno > HPE_CB_status) {
+ err = g_error_new (HTTP_ERROR, 400,
+ "HTTP parser error: %s",
+ http_errno_description (priv->parser.http_errno));
+ }
+ else {
+ err = g_error_new (HTTP_ERROR, 500,
+ "HTTP parser internal error: %s",
+ http_errno_description (priv->parser.http_errno));
+ }
}
if (!conn->finished) {
@@ -996,7 +1003,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
if (!conn->finished) {
err = g_error_new (HTTP_ERROR,
- errno,
+ 400,
"IO read error: unexpected EOF");
conn->error_handler (conn, err);
g_error_free (err);
@@ -1009,8 +1016,8 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
else {
if (!priv->ssl) {
err = g_error_new (HTTP_ERROR,
- errno,
- "IO read error: %s",
+ 500,
+ "HTTP IO read error: %s",
strerror (errno));
conn->error_handler (conn, err);
g_error_free (err);
@@ -1029,7 +1036,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
if (r > 0) {
if (http_parser_execute (&priv->parser, &priv->parser_cb,
d, r) != (size_t)r || priv->parser.http_errno != 0) {
- err = g_error_new (HTTP_ERROR, priv->parser.http_errno,
+ err = g_error_new (HTTP_ERROR, 400,
"HTTP parser error: %s",
http_errno_description (priv->parser.http_errno));
@@ -1050,7 +1057,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
}
else if (r == 0) {
if (!conn->finished) {
- err = g_error_new (HTTP_ERROR, ETIMEDOUT,
+ err = g_error_new (HTTP_ERROR, 408,
"IO timeout");
conn->error_handler (conn, err);
g_error_free (err);
@@ -1062,7 +1069,7 @@ rspamd_http_event_handler (int fd, short what, gpointer ud)
return;
}
else {
- err = g_error_new (HTTP_ERROR, ETIMEDOUT,
+ err = g_error_new (HTTP_ERROR, 408,
"IO timeout");
conn->error_handler (conn, err);
g_error_free (err);
@@ -2258,7 +2265,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
priv->ctx->ssl_ctx_noverify : priv->ctx->ssl_ctx;
if (!ssl_ctx) {
- err = g_error_new (HTTP_ERROR, errno, "ssl message requested "
+ err = g_error_new (HTTP_ERROR, 400, "ssl message requested "
"with no ssl ctx");
rspamd_http_connection_ref (conn);
conn->error_handler (conn, err);
@@ -2281,7 +2288,7 @@ rspamd_http_connection_write_message_common (struct rspamd_http_connection *conn
priv->timeout, rspamd_http_event_handler,
rspamd_http_ssl_err_handler, conn)) {
- err = g_error_new (HTTP_ERROR, errno,
+ err = g_error_new (HTTP_ERROR, 400,
"ssl connection error: ssl error=%s, errno=%s",
ERR_error_string (ERR_get_error (), NULL),
strerror (errno));
diff --git a/src/libserver/ssl_util.c b/src/libserver/ssl_util.c
index c01f7467f..b9fb175e5 100644
--- a/src/libserver/ssl_util.c
+++ b/src/libserver/ssl_util.c
@@ -356,7 +356,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
ver_err = SSL_get_verify_result (c->ssl);
if (ver_err != X509_V_OK) {
- g_set_error (&err, rspamd_ssl_quark (), ver_err, "certificate validation "
+ g_set_error (&err, rspamd_ssl_quark (), 400, "certificate validation "
"failed: %s", X509_verify_cert_error_string (ver_err));
c->err_handler (c->handler_data, err);
g_error_free (err);
@@ -367,7 +367,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
/* Get server's certificate */
server_cert = SSL_get_peer_certificate (c->ssl);
if (server_cert == NULL) {
- g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate is absent");
+ g_set_error (&err, rspamd_ssl_quark (), 401, "peer certificate is absent");
c->err_handler (c->handler_data, err);
g_error_free (err);
@@ -377,7 +377,7 @@ rspamd_ssl_peer_verify (struct rspamd_ssl_connection *c)
if (c->hostname) {
if (!rspamd_tls_check_name (server_cert, c->hostname)) {
X509_free (server_cert);
- g_set_error (&err, rspamd_ssl_quark (), ver_err, "peer certificate fails "
+ g_set_error (&err, rspamd_ssl_quark (), 403, "peer certificate fails "
"hostname verification for %s", c->hostname);
c->err_handler (c->handler_data, err);
g_error_free (err);
@@ -396,22 +396,21 @@ rspamd_tls_set_error (gint retcode, const gchar *stage, GError **err)
{
GString *reason;
gchar buf[120];
- gint err_code = 0, last_err = 0;
+ gint err_code = 0;
reason = g_string_sized_new (sizeof (buf));
if (retcode == SSL_ERROR_SYSCALL) {
rspamd_printf_gstring (reason, "syscall fail: %s", strerror (errno));
- err_code = errno;
+ err_code = 500;
}
else {
while ((err_code = ERR_get_error()) != 0) {
- last_err = err_code;
ERR_error_string (err_code, buf);
rspamd_printf_gstring (reason, "ssl error: %s,", buf);
}
- err_code = last_err;
+ err_code = 400;
if (reason->len > 0 && reason->str[reason->len - 1] == ',') {
reason->str[reason->len - 1] = '\0';
@@ -544,7 +543,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
else {
conn->shut = ssl_shut_unclean;
rspamd_ev_watcher_stop (conn->event_loop, conn->ev);
- g_set_error (&err, rspamd_ssl_quark (), ETIMEDOUT,
+ g_set_error (&err, rspamd_ssl_quark (), 408,
"ssl connection timed out");
conn->err_handler (conn->handler_data, err);
g_error_free (err);
@@ -616,7 +615,7 @@ rspamd_ssl_event_handler (gint fd, short what, gpointer ud)
break;
default:
rspamd_ev_watcher_stop (conn->event_loop, conn->ev);
- g_set_error (&err, rspamd_ssl_quark (), EINVAL,
+ g_set_error (&err, rspamd_ssl_quark (), 500,
"ssl bad state error: %d", conn->state);
conn->err_handler (conn->handler_data, err);
g_error_free (err);
@@ -760,7 +759,7 @@ rspamd_ssl_read (struct rspamd_ssl_connection *conn, gpointer buf,
if (conn->state != ssl_conn_connected && conn->state != ssl_next_read) {
errno = EINVAL;
- g_set_error (&err, rspamd_ssl_quark (), ECONNRESET,
+ g_set_error (&err, rspamd_ssl_quark (), 400,
"ssl state error: cannot read data");
conn->shut = ssl_shut_unclean;
conn->err_handler (conn->handler_data, err);