Adding pass/fail retry logic to connection attempts #4697 #4650

This commit is contained in:
Adam Potolsky 2015-05-21 15:22:39 -07:00
parent 18d85f1b6b
commit e4f86a8934
2 changed files with 60 additions and 38 deletions

View File

@ -249,7 +249,7 @@ SecureSocket::createSSL()
} }
} }
bool int
SecureSocket::secureAccept(int socket) SecureSocket::secureAccept(int socket)
{ {
createSSL(); createSSL();
@ -269,24 +269,31 @@ SecureSocket::secureAccept(int socket)
// tell user and sleep so the socket isn't hammered. // tell user and sleep so the socket isn't hammered.
LOG((CLOG_ERR "failed to accept secure socket")); LOG((CLOG_ERR "failed to accept secure socket"));
LOG((CLOG_INFO "client connection may not be secure")); LOG((CLOG_INFO "client connection may not be secure"));
m_secureReady = false;
ARCH->sleep(1); ARCH->sleep(1);
return -1; // Failed, error out
} }
// If not fatal and no retry, state is good
if (retry == 0) { if (retry == 0) {
m_secureReady = true; m_secureReady = true;
}
else {
m_secureReady = false;
}
if (m_secureReady) {
LOG((CLOG_INFO "accepted secure socket")); LOG((CLOG_INFO "accepted secure socket"));
return 1;
} }
return !m_secureReady; // If not fatal and retry is set, not ready, and return retry
if (retry > 0) {
LOG((CLOG_DEBUG2 "retry accepting secure socket"));
m_secureReady = false;
return 0;
}
// no good state exists here
LOG((CLOG_ERR "unexpected state attempting to accept connection"));
return -1;
} }
bool int
SecureSocket::secureConnect(int socket) SecureSocket::secureConnect(int socket)
{ {
createSSL(); createSSL();
@ -304,31 +311,32 @@ SecureSocket::secureConnect(int socket)
if (fatal) { if (fatal) {
LOG((CLOG_ERR "failed to connect secure socket")); LOG((CLOG_ERR "failed to connect secure socket"));
LOG((CLOG_INFO "server connection may not be secure")); return -1;
return false;
} }
if (retry == 0) { // If we should retry, not ready and return 0
m_secureReady = true; if (retry > 0) {
LOG((CLOG_DEBUG2 "retry connect secure socket"));
m_secureReady = false;
return 0;
}
// No error, set ready, process and return ok
m_secureReady = true;
if (verifyCertFingerprint()) {
LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) {
disconnect();
return -1;// Cert fail, error
}
} }
else { else {
m_secureReady = false; LOG((CLOG_ERR "failed to verify server certificate fingerprint"));
disconnect();
return -1; // Fingerprint failed, error
} }
LOG((CLOG_DEBUG2 "connected secure socket"));
if (m_secureReady) { return 1;
if (verifyCertFingerprint()) {
LOG((CLOG_INFO "connected to secure socket"));
if (!showCertificate()) {
disconnect();
}
}
else {
LOG((CLOG_ERR "failed to verify server certificate fingerprint"));
disconnect();
}
}
return !m_secureReady;
} }
bool bool
@ -545,14 +553,21 @@ SecureSocket::serviceConnect(ISocketMultiplexerJob* job,
{ {
Lock lock(&getMutex()); Lock lock(&getMutex());
bool retry = true; int status = 0;
#ifdef SYSAPI_WIN32 #ifdef SYSAPI_WIN32
retry = secureConnect(static_cast<int>(getSocket()->m_socket)); status = secureConnect(static_cast<int>(getSocket()->m_socket));
#elif SYSAPI_UNIX #elif SYSAPI_UNIX
retry = secureConnect(getSocket()->m_fd); retry = secureConnect(getSocket()->m_fd);
#endif #endif
return retry ? job : newJob(); if (status > 0) {
return newJob();
}
else if (status == 0) {
return job;
}
// If status < 0, error happened
return NULL;
} }
ISocketMultiplexerJob* ISocketMultiplexerJob*
@ -561,12 +576,19 @@ SecureSocket::serviceAccept(ISocketMultiplexerJob* job,
{ {
Lock lock(&getMutex()); Lock lock(&getMutex());
bool retry = true; int status = 0;
#ifdef SYSAPI_WIN32 #ifdef SYSAPI_WIN32
retry = secureAccept(static_cast<int>(getSocket()->m_socket)); status = secureAccept(static_cast<int>(getSocket()->m_socket));
#elif SYSAPI_UNIX #elif SYSAPI_UNIX
retry = secureAccept(getSocket()->m_fd); status = secureAccept(getSocket()->m_fd);
#endif #endif
return retry ? job : newJob(); if (status > 0) {
return newJob();
}
else if (status == 0) {
return job;
}
// If status < 0, error happened
return NULL;
} }

View File

@ -57,8 +57,8 @@ private:
// SSL // SSL
void initContext(bool server); void initContext(bool server);
void createSSL(); void createSSL();
bool secureAccept(int s); int secureAccept(int s);
bool secureConnect(int s); int secureConnect(int s);
bool showCertificate(); bool showCertificate();
void checkResult(int n, bool& fatal, int& retry); void checkResult(int n, bool& fatal, int& retry);
void showError(const char* reason = NULL); void showError(const char* reason = NULL);