From 32aff2b27ccc3b3e51fb6f0bd77fe0073827c527 Mon Sep 17 00:00:00 2001 From: Jakub Sławiński Date: Tue, 7 Jun 2005 12:06:18 +0200 Subject: v0.7 - Added: http proxy tunnels between afserver and afclient - Fixed: sigint interception with threads enabled (in http proxy mode) - Fixed: FATAL ERROR in afclient in some situations after close of afserver when http proxy mode is enabled - Added: afclients can connect directly to afserver with enabled proxy mode - Fixed: timeout routine in http proxy tunnels - Added: 'rshow' command in ra mode displays 'tunneltype' - Fixed: printing IP of clients when http proxy mode is enabled - Added: 'tunneltype' per client in ra mode after 'cshow' command - Fixed: closing connection when http proxy mode is enabled - Fixed: threads initialization - Fixed: afserver closing after sigint - Fixed: afclient threads initialization - Added: 'version' option to display program version number - Modified: establishing afclient<->afserver connection - Added: 'keep-alive' option - Fixed: using 'proxyport' without 'proxyname' - Added: auto-reconnect feature to afclient - Added: 'ar-tries' and 'ar-delay' options - Modified: http proxy logging - Fixed: closing connection with afclient after receiving id - Fixed: thread closing due to wrong initialization sequence - Fixed: small bug in initialization process - Heavily Modified: logging routines - Added: audit option - Modified: default dateformat is now ISO 8601 - Modified: printing usage - Fixed: bug in threads' initialization in afclient - Added: 'timeout' and 'dateformat' options in ra mode - Modified: empty dateformat disables printing '[] ' - Added: 'audit' and 'dnslookups' options in ra mode - Fixed: afserver freeze bug - Added: 'kuser' and 'kclient' options in ra mode - Fixed: bug in starting afclient in ra mode - Added: audit log printed also after kicking the client --- src/make_ssl_handshake.c | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) (limited to 'src/make_ssl_handshake.c') diff --git a/src/make_ssl_handshake.c b/src/make_ssl_handshake.c index a5c97eb..d4cdd55 100644 --- a/src/make_ssl_handshake.c +++ b/src/make_ssl_handshake.c @@ -18,10 +18,11 @@ * */ +#include + #include "make_ssl_handshake.h" #include "stats.h" - -#include +#include "logging.h" #include #include @@ -30,7 +31,8 @@ void make_ssl_initialize(clifd *cliconn) { if (SSL_set_fd(cliconn->ssl, cliconn->commfd) != 1) { - aflog(0, "Problem with initializing ssl... exiting"); + aflog(LOG_T_INIT, LOG_I_CRIT, + "Problem with initializing ssl... exiting"); exit(1); } } @@ -40,7 +42,7 @@ make_ssl_accept(clifd *cliconn) { int result; if ((result = SSL_accept(cliconn->ssl)) != 1) { - return get_ssl_error(cliconn, " SSL_accept has failed", result); + return get_ssl_error(cliconn, "SSL_accept has failed", result); } return 0; } @@ -55,45 +57,55 @@ get_ssl_error(clifd *cliconn, char* info, int result) merror = SSL_get_error(cliconn->ssl, result); switch (merror) { case SSL_ERROR_NONE : { - aflog(2, "%s(%d): none", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): none", info, result); break; } case SSL_ERROR_ZERO_RETURN : { - aflog(2, "%s(%d): zero", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): zero", info, result); break; } case SSL_ERROR_WANT_READ : { - aflog(2, "%s(%d): w_read", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): w_read", info, result); break; } case SSL_ERROR_WANT_WRITE : { - aflog(2, "%s(%d): w_write", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): w_write", info, result); break; } case SSL_ERROR_WANT_CONNECT : { - aflog(2, "%s(%d): w_connect", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): w_connect", info, result); break; } case SSL_ERROR_WANT_X509_LOOKUP : { - aflog(2, "%s(%d): w_x509_lookup", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): w_x509_lookup", info, result); break; } case SSL_ERROR_SYSCALL : { - aflog(2, "%s(%d): syscall", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): syscall", info, result); break; } case SSL_ERROR_SSL : { SSL_load_error_strings(); #ifdef HAVE_ERR_ERROR_STRING - aflog(2, "%s(%d): ssl:%s", info, result, + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): ssl:%s", info, result, ERR_error_string(ERR_get_error(), err_buff)); #else - aflog(2, "%s(%d): ssl", info, result); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): ssl", info, result); #endif break; } default: { - aflog(2, "%s(%d): unrecognized error (%d)", info, result, errno); + aflog(LOG_T_MAIN, LOG_I_WARNING, + "%s(%d): unrecognized error (%d)", info, result, errno); } } if (merror == SSL_ERROR_WANT_READ) { -- cgit v1.1