From fcf198456fcd8e80c78b58c6616f7cf1266406cc Mon Sep 17 00:00:00 2001
From: Magnus Henoch
Date: Wed, 28 Oct 2015 17:06:10 +0000
Subject: Report bad options for TLS distribution connections If ssl:ssl_accept/2 returns an error related to options, it's most likely something we want to log. In particular, if the specified certificate file doesn't exist, this is where the error ends up, so we shouldn't just throw the error away.
---
 lib/ssl/src/ssl_tls_dist_proxy.erl | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index a22af6b960..e7f7fa96a1 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -157,6 +157,11 @@ accept_loop(Proxy, world = Type, Listen, Extra) ->
 end),
 ok = ssl:controlling_process(SslSocket, PairHandler),
 flush_old_controller(PairHandler, SslSocket);
+ {error, {options, _}} = Error ->
+ %% Bad options: that's probably our fault. Let's log that.
+ error_logger:error_msg("Cannot accept TLS distribution connection: ~s~n",
+ [ssl:format_error(Error)]),
+ gen_tcp:close(Socket);
 _ ->
 gen_tcp:close(Socket)
 end;
-- cgit v1.2.3
From 5f49de9d6e8ae247b10e37c085bf1d1dc9945ac8 Mon Sep 17 00:00:00 2001
From: Magnus Henoch
Date: Wed, 28 Oct 2015 17:15:36 +0000
Subject: Save error reasons for TLS distribution connections When establishing an outbound connection for TLS distribution, let's hold on to the failure reasons and use them as exit reasons. These exit reasons are normally invisible, but they can be seen in the logs after calling net_kernel:verbose(1). While there are trace messages in the code already, those require recompiling the module with a special flag, which is more cumbersome than changing the net_kernel verbosity level at run time.
---
 lib/ssl/src/inet_tls_dist.erl | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'lib/ssl')
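Review bot: In the accept_loop hunk of ssl_tls_dist_proxy.erl (the first patch above), the new `{error, {options, _}}` clause writes one error_logger report for every inbound connection, and a bad local option such as a missing certificate file stays bad until someone fixes the configuration. Because this clause is in the `world` listener, anything that can reach the distribution port can drive the volume of error reports. The clause should at least document this, e.g. `%% Reported once per inbound connection until the options are fixed; connecting peers control the rate.`, and reporting only the first occurrence or throttling the report would be the sturdier fix. accept_loop's body starts and ends outside the hunk, so where such state could be kept is not visible here.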
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 7367b5c224..411bb44bdc 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -75,23 +75,23 @@ do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
 Timer, Version, Ip, TcpPort, Address, Type),
 dist_util:handshake_we_started(HSData);
- _ ->
+ Other ->
 %% Other Node may have closed since
 %% port_please !
 ?trace("other node (~p) " "closed since port_please.~n", [Node]),
- ?shutdown(Node)
+ ?shutdown2(Node, {shutdown, {connect_failed, Other}})
 end;
- _ ->
+ Other ->
 ?trace("port_please (~p) " "failed.~n", [Node]),
- ?shutdown(Node)
+ ?shutdown2(Node, {shutdown, {port_please_failed, Other}})
 end;
- _Other ->
+ Other ->
 ?trace("inet_getaddr(~p) " "failed (~p).~n", [Node,Other]),
- ?shutdown(Node)
+ ?shutdown2(Node, {shutdown, {inet_getaddr_failed, Other}})
 end.
 close(Socket) ->
-- cgit v1.2.3
From 91006821c6d65708fa05a93ec1edc2372326a3cb Mon Sep 17 00:00:00 2001
From: Magnus Henoch
Date: Mon, 9 Nov 2015 18:25:56 +0000
Subject: Report bad options for outgoing TLS distribution If ssl:connect/3 returns an error related to options, let's log that so we have a chance to see it and fix it.
---
 lib/ssl/src/ssl_tls_dist_proxy.erl | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'lib/ssl')
diff --git a/lib/ssl/src/ssl_tls_dist_proxy.erl b/lib/ssl/src/ssl_tls_dist_proxy.erl
index e7f7fa96a1..1f48ce9e8c 100644
--- a/lib/ssl/src/ssl_tls_dist_proxy.erl
+++ b/lib/ssl/src/ssl_tls_dist_proxy.erl
@@ -193,6 +193,11 @@ setup_proxy(Ip, Port, Parent) ->
 Err ->
 Parent ! {self(), Err}
 end;
+ {error, {options, _}} = Err ->
+ %% Bad options: that's probably our fault. Let's log that.
+ error_logger:error_msg("Cannot open TLS distribution connection: ~s~n",
+ [ssl:format_error(Err)]),
+ Parent ! {self(), Err};
 Err ->
 Parent ! {self(), Err}
 end.
-- cgit v1.2.3
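Review bot: All three failure clauses in the do_setup hunk of inet_tls_dist.erl now bind the same name `Other`, and the first sits directly above the older comment "Other Node may have closed since port_please", which now reads as if it described the variable. The bound term goes unmodified into the exit reason, yet the first two `?trace` calls still print only `Node`. Distinct names would make each reason self-explanatory, e.g. `ConnectError ->` with `?shutdown2(Node, {shutdown, {connect_failed, ConnectError}})`. A short comment that the reason carries the raw return value of the failed call would also tell log readers what to expect under `net_kernel:verbose(1)`. do_setup begins before the hunk, so the calls that produce these values are not visible here.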
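Review bot: The error report added in the setup_proxy hunk of ssl_tls_dist_proxy.erl does not say which destination the failed connection was for, although `Ip` and `Port` are arguments of the function according to the hunk header. Including them lets an operator match the report to the node that could not be reached: `error_logger:error_msg("Cannot open TLS distribution connection to ~p:~p: ~s~n", [Ip, Port, ssl:format_error(Err)]),`. The start of setup_proxy's body is outside the hunk, so how the connection is opened before this clause is reached is not visible here.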