Jelajahi Sumber

bedder error handling

Kolja Strohm 3 tahun lalu
induk
melakukan
9202435d1b
1 mengubah file dengan 39 tambahan dan 4 penghapusan
  1. 39 4
      Network/Server.cpp

+ 39 - 4
Network/Server.cpp

@@ -1,4 +1,5 @@
 #include <openssl/ssl.h>
+#include <openssl/err.h>
 #include "Server.h"
 #ifndef WIN32
 #include <string.h>
@@ -280,6 +281,29 @@ int pem_passwd_cb( char *buf, int size, int rwflag, void *userdata )
     return (int)strlen( buf );
 }
 
+bool SSLErrorCheck( int result, SSL *ssl, const char *action )
+{
+    if( result <= 0 )
+    {
+        std::cout << "ERROR: '" << action << "' returned error code: " << SSL_get_error( ssl, result ) << "\n";
+        std::cout.flush();
+        return 0;
+    }
+    return 1;
+}
+
+bool SSLErrorCheck( int result, const char *action )
+{
+    if( result <= 0 )
+    {
+        unsigned long error = ERR_get_error();
+        std::cout << "ERROR: '" << action << "' returned " << result << " error code: " << error << "(" << ERR_reason_error_string( error ) << ")\n";
+        std::cout.flush();
+        return 0;
+    }
+    return 1;
+}
+
 // Inhalt der SSLServer Klasse
 // Konstruktor 
 SSLServer::SSLServer()
@@ -287,6 +311,7 @@ SSLServer::SSLServer()
 {
     s = 0;
     ctx = SSL_CTX_new( SSLv23_server_method() );
+    SSL_CTX_set_min_proto_version( ctx, TLS1_2_VERSION );
     SSL_CTX_set_default_passwd_cb( ctx, pem_passwd_cb );
     passw = new Text();
     SSL_CTX_set_default_passwd_cb_userdata( ctx, passw );
@@ -310,13 +335,13 @@ SSLServer::~SSLServer()
 // Setzt den Pfad zur Datei, in dem das Certifikat gespeichert ist
 bool SSLServer::setCertificateFile( const char *file )
 {
-    return SSL_CTX_use_certificate_file( ctx, file, SSL_FILETYPE_PEM ) > 0;
+    return SSLErrorCheck( SSL_CTX_use_certificate_file( ctx, file, SSL_FILETYPE_PEM ), "SSL_CTX_use_certificate_file" );
 }
 
 // Setzt den Pfad zur Datei, in dem der private Schlüssel gespeichert ist
 bool SSLServer::setPrivateKeyFile( const char *file )
 {
-    return SSL_CTX_use_PrivateKey_file( ctx, file, SSL_FILETYPE_PEM ) > 0;
+    return SSLErrorCheck( SSL_CTX_use_PrivateKey_file( ctx, file, SSL_FILETYPE_PEM ), "SSL_CTX_use_PrivateKey_file" );
 }
 
 // setzt das passwort des private keys (muss vor setPrivateKeyFile aufgerufen werden)
@@ -373,8 +398,18 @@ SSLSKlient *SSLServer::getKlient()
 #endif
     addr.sin_port = this->addr.sin_port;
     SSL *ssl = SSL_new( ctx );
-    SSL_set_fd( ssl, (int)client );
-    if( SSL_accept( ssl ) <= 0 )
+    if( ssl == 0 && !SSLErrorCheck( 0, "SSL_new" ) )
+    {
+        closesocket( client );
+        return 0;
+    }
+    if( !SSLErrorCheck( SSL_set_fd( ssl, (int)client ), ssl, "SSL_set_fd" ) )
+    {
+        SSL_free( ssl );
+        closesocket( client );
+        return 0;
+    }
+    if( !SSLErrorCheck( SSL_accept( ssl ), ssl, "SSL_accept" ) )
     {
         SSL_free( ssl );
         closesocket( client );