Better exception types to SSLexception

Summary: Better enum exception types for SSLException. These enum types are fairly high level, and more info can be gleaned from the error.what() Reviewed By: knekritz Differential Revision: D3234501 fb-gh-sync-id: 7cd4fbccd7f4367354dc3bd1fe4cd480d58d6173 fbshipit-source-id: 7cd4fbccd7f4367354dc3bd1fe4cd480d58d6173

Better exception types to SSLexception
Summary: Better enum exception types for SSLException. These enum types are fairly high level, and more info can be gleaned from the error.what() Reviewed By: knekritz Differential Revision: D3234501 fb-gh-sync-id: 7cd4fbccd7f4367354dc3bd1fe4cd480d58d6173 fbshipit-source-id: 7cd4fbccd7f4367354dc3bd1fe4cd480d58d6173
0d9217b4 · Subodh Iyengar · Facebook Github Bot 0 · 4708133f · 0d9217b4 · 0d9217b4
Commit 0d9217b4 authored Apr 28, 2016 by Subodh Iyengar Committed by Facebook Github Bot 0 Apr 28, 2016
3 changed files
--- a/folly/io/async/ssl/SSLErrors.cpp
+++ b/folly/io/async/ssl/SSLErrors.cpp
@@ -29,14 +29,14 @@ std::string decodeOpenSSLError(
    int sslOperationReturnValue) {
  if (sslError == SSL_ERROR_SYSCALL && errError == 0) {
    if (sslOperationReturnValue == 0) {
-      return "SSL_ERROR_SYSCALL: EOF";
+      return "Connection EOF";
    } else {
      // In this case errno is set, AsyncSocketException will add it.
-      return "SSL_ERROR_SYSCALL";
+      return "Network error";
    }
  } else if (sslError == SSL_ERROR_ZERO_RETURN) {
    // This signifies a TLS closure alert.
-    return "SSL_ERROR_ZERO_RETURN";
+    return "SSL connection closed normally";
  } else {
    std::array<char, 256> buf;
    std::string msg(ERR_error_string(errError, buf.data()));
@@ -56,9 +56,14 @@ const StringPiece getSSLErrorString(SSLError error) {
    case SSLError::EARLY_WRITE:
      ret = "Attempt to write before SSL connection established";
      break;
-    case SSLError::OPENSSL_ERR:
-      // decodeOpenSSLError should be used for this type.
-      ret = "OPENSSL error";
+    case SSLError::SSL_ERROR:
+      ret = "SSL error";
+      break;
+    case SSLError::NETWORK_ERROR:
+      ret = "Network error";
+      break;
+    case SSLError::EOF_ERROR:
+      ret = "SSL connection closed normally";
      break;
  }
  return ret;
@@ -68,17 +73,23 @@ const StringPiece getSSLErrorString(SSLError error) {
 namespace folly {

 SSLException::SSLException(
-    int sslError,
+    int sslErr,
    unsigned long errError,
    int sslOperationReturnValue,
    int errno_copy)
    : AsyncSocketException(
          AsyncSocketException::SSL_ERROR,
-          decodeOpenSSLError(sslError, errError, sslOperationReturnValue),
-          sslError == SSL_ERROR_SYSCALL ? errno_copy : 0),
-      sslError(SSLError::OPENSSL_ERR),
-      opensslSSLError(sslError),
-      opensslErr(errError) {}
+          decodeOpenSSLError(sslErr, errError, sslOperationReturnValue),
+          sslErr == SSL_ERROR_SYSCALL ? errno_copy : 0) {
+  if (sslErr == SSL_ERROR_ZERO_RETURN) {
+    sslError = SSLError::EOF_ERROR;
+  } else if (sslErr == SSL_ERROR_SYSCALL) {
+    sslError = SSLError::NETWORK_ERROR;
+  } else {
+    // Conservatively assume that this is an SSL error
+    sslError = SSLError::SSL_ERROR;
+  }
+}

 SSLException::SSLException(SSLError error)
    : AsyncSocketException(

--- a/folly/io/async/ssl/SSLErrors.h
+++ b/folly/io/async/ssl/SSLErrors.h
@@ -24,11 +24,9 @@ enum class SSLError {
  CLIENT_RENEGOTIATION, // A client tried to renegotiate with this server
  INVALID_RENEGOTIATION, // We attempted to start a renegotiation.
  EARLY_WRITE, // Wrote before SSL connection established.
-  // An openssl error type. The openssl specific methods should be used
-  // to find the real error type.
-  // This exists for compatibility until all error types can be move to proper
-  // errors.
-  OPENSSL_ERR,
+  SSL_ERROR, // An error related to SSL
+  NETWORK_ERROR, // An error related to the network.
+  EOF_ERROR, // The peer terminated the connection correctly.
 };

 class SSLException : public folly::AsyncSocketException {
@@ -45,19 +43,7 @@ class SSLException : public folly::AsyncSocketException {
    return sslError;
  }

-  // These methods exist for compatibility until there are proper exceptions
-  // for all ssl error types.
-  int getOpensslSSLError() const {
-    return opensslSSLError;
-  }
-
-  unsigned long getOpensslErr() const {
-    return opensslErr;
-  }
-
 private:
  SSLError sslError;
-  int opensslSSLError;
-  unsigned long opensslErr;
 };
 }
--- a/folly/io/async/test/AsyncSSLSocketTest.cpp
+++ b/folly/io/async/test/AsyncSSLSocketTest.cpp
@@ -1609,8 +1609,8 @@ TEST(AsyncSSLSocketTest, ConnResetErrorString) {
  socket->closeWithReset();

  handshakeCallback.waitForHandshake();
-  EXPECT_NE(handshakeCallback.errorString_.find("SSL_ERROR_SYSCALL"),
-            std::string::npos);
+  EXPECT_NE(
+      handshakeCallback.errorString_.find("Network error"), std::string::npos);
  EXPECT_NE(handshakeCallback.errorString_.find("104"), std::string::npos);
 }

@@ -1630,8 +1630,8 @@ TEST(AsyncSSLSocketTest, ConnEOFErrorString) {
  socket->close();

  handshakeCallback.waitForHandshake();
-  EXPECT_NE(handshakeCallback.errorString_.find("SSL_ERROR_SYSCALL"),
-            std::string::npos);
+  EXPECT_NE(
+      handshakeCallback.errorString_.find("Connection EOF"), std::string::npos);
  EXPECT_NE(handshakeCallback.errorString_.find("EOF"), std::string::npos);
 }