From b90406e36cfef4cf6aaf104c3a403f6745763b5b Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sat, 15 Jul 2023 16:12:58 +0100
Subject: OpenSSL: add remote host info to log line for in-connection TLS error. Bug 3010
---
 src/src/receive.c | 5 ++---
 src/src/tls-openssl.c | 7 ++++++-
 test/runtest | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/src/receive.c b/src/src/receive.c
index 0891a4a8c..4271561d7 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3911,8 +3911,7 @@ else
 break;
 }
- g = string_append(NULL, 2, US"F=",
- sender_address[0] == 0 ? US"<>" : sender_address);
+ g = string_append(NULL, 2, US"F=", *sender_address ? sender_address : US"<>");
 g = add_host_info_for_log(g);
 log_write(0, LOG_MAIN|LOG_REJECT, "%Y %srejected by local_scan(): %.256s",
@@ -4056,7 +4055,7 @@ g = string_get(256);
 g = string_append(g, 2, fake_response == FAIL ? US"(= " : US"<= ",
- sender_address[0] == 0 ? US"<>" : sender_address);
+ *sender_address ? sender_address : US"<>");
 if (message_reference) g = string_append(g, 2, US" R=", message_reference);
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 22c8ea99a..2e537a160 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4532,10 +4532,15 @@ switch(error)
 /* Handle genuine errors */
 case SSL_ERROR_SSL:
+ {
+ uschar * conn_info = smtp_get_connection_info();
+ if (Ustrncmp(conn_info, US"SMTP ", 5) == 0) conn_info += 5;
+ /* I'd like to get separated H= here, but too hard for now */
 ERR_error_string_n(ERR_get_error(), ssl_errstring, sizeof(ssl_errstring));
- log_write(0, LOG_MAIN, "TLS error (SSL_read): %s", ssl_errstring);
+ log_write(0, LOG_MAIN, "TLS error (SSL_read): on %s %s", conn_info, ssl_errstring);
 ssl_xfer_error = TRUE;
 return FALSE;
+ }
 default:
 DEBUG(D_tls) debug_printf("Got SSL error %d\n", error);
diff --git a/test/runtest b/test/runtest
index e918b0cdf..17f7ab4c9 100755
--- a/test/runtest
+++ b/test/runtest
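Review bot: In src/src/tls-openssl.c, the new `log_write` under `case SSL_ERROR_SSL:` puts the peer details after the `(SSL_read):` tag, whereas the handshake-failure line that test/runtest already matches has the shape `TLS error on connection ...: error:`, so log filters and alerting rules need a separate pattern per line to extract the same peer field. Emitting `log_write(0, LOG_MAIN, "TLS error on %s (SSL_read): %s", conn_info, ssl_errstring);` would give both lines one shape; if the new order is deliberate, the format change deserves a change-log entry, because existing matches on `TLS error (SSL_read): error:` stop firing. `conn_info` is also passed to `Ustrncmp` and to `%s` with no NULL check, which is safe only if `smtp_get_connection_info()` always returns a string (not visible here); once confirmed, a comment such as `/* smtp_get_connection_info() never returns NULL */` would record that assumption. The enclosing switch and function begin outside the hunk.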
@@ -1556,7 +1556,7 @@ RESET_AFTER_EXTRA_LINE_READ:
 # OpenSSL version variances
 s/(TLS error on connection [^:]*: error:)[0-9A-F]{8}(:system library):(?:fopen|func\(4095\)|):(No such file or directory)$/$1xxxxxxxx$2:fopen:$3/;
- next if /TLS error \(SSL_read\): error:0A000126:SSL routines::unexpected eof while reading$/ ;
+ next if /TLS error \(SSL_read\): .*error:0A000126:SSL routines::unexpected eof while reading$/ ;
 s/EVDATA: \K\(SSL_accept\): error:0A000126:SSL routines::unexpected eof while reading/SSL_accept: TCP connection closed by peer/;
 s/(DANE attempt failed.*error:)[0-9A-F]{8}(:SSL routines:)(?:(?i)ssl3_get_server_certificate|tls_process_server_certificate|CONNECT_CR_CERT|)(?=:certificate verify failed$)/$1xxxxxxxx$2ssl3_get_server_certificate/;
 s/(DKIM: validation error: )error:[0-9A-F]{8}:rsa routines:(?:(?i)int_rsa_verify|CRYPTO_internal):(?:bad signature|algorithm mismatch)$/$1Public key signature verification has failed./;
--
cgit v1.2.3