[GitHub] [trafficserver] jpeach commented on a diff in pull request #9947: OpenSSL 3.0 tls autest updates

Tue, 04 Jul 2023 23:26:55 -0700 


jpeach commented on code in PR #9947:
URL: https://github.com/apache/trafficserver/pull/9947#discussion_r1252574572


##########
iocore/net/SSLNetVConnection.cc:
##########
@@ -840,7 +840,9 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite, 
MIOBufferAccessor &buf
       break;
     }
     case SSL_ERROR_SYSCALL:
-      num_really_written = -errno;
+      // SSL_ERROR_SYSCALL is an IO error. errno is likely 0, so set EPIPE, as
+      // we do with SSL_ERROR_SSL below, to indicate a connection error.
+      num_really_written = -EPIPE;

Review Comment:
   Nice! The 
[docs](https://www.openssl.org/docs/man3.1/man3/SSL_get_error.html) concur:
   
   ```
   On an unexpected EOF, versions before OpenSSL 3.0 returned SSL_ERROR_SYSCALL,
   nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the 
returned
   error is SSL_ERROR_SSL with a meaningful error on the error stack.
   ```



##########
tests/gold_tests/tls/tls_client_versions.test.py:
##########
@@ -71,28 +71,28 @@
 tr = Test.AddTestRun("foo.com TLSv1_2")
 tr.Processes.Default.StartBefore(server)
 tr.Processes.Default.StartBefore(Test.Processes.ts)
-tr.Processes.Default.Command = "curl -v --tls-max 1.2 --tlsv1.2 --resolve 
'foo.com:{0}:127.0.0.1' -k  https://foo.com:{0}".format(
+tr.Processes.Default.Command = "curl -v --ciphers DEFAULT@SECLEVEL=0 --tls-max 
1.2 --tlsv1.2 --resolve 'foo.com:{0}:127.0.0.1' -k  https://foo.com:{0}".format(

Review Comment:
   Please add a comment to explain why you need to set the ciphers flag, and to 
refer the reader to the docs that explain the syntax
   
   https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html



##########
tests/gold_tests/tls/tls_client_versions_minmax.test.py:
##########
@@ -75,35 +75,35 @@
 tr = Test.AddTestRun("foo.com TLSv1_2")
 tr.Processes.Default.StartBefore(server)
 tr.Processes.Default.StartBefore(Test.Processes.ts)
-tr.Processes.Default.Command = "curl -v --tls-max 1.2 --tlsv1.2 --resolve 
'foo.com:{0}:127.0.0.1' -k  https://foo.com:{0}".format(
+tr.Processes.Default.Command = "curl -v --ciphers DEFAULT@SECLEVEL=0 --tls-max 
1.2 --tlsv1.2 --resolve 'foo.com:{0}:127.0.0.1' -k  https://foo.com:{0}".format(

Review Comment:
   Please add a comment to explain why you need to set the ciphers flag, and to 
refer the reader to the docs that explain the syntax
   
   https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to