author | Matt Caswell <matt@openssl.org> | 2023-09-11 13:55:41 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-09-13 09:45:17 +0100 |
commit | 982dae89d8d19fcb9cc2c3b8ba74afef352ecc41 (patch) | |
tree | 5164aa7e50ec9420331723e440b8d53d436a68fc /ssl | |
parent | d012319145b1c95ecb9ada29f4f03a3b30cf0f41 (diff) |
Ensure QUIC-TLS errors raised during channel start are available to caller
TLS misconfiguration errors should be shown to the application to enable
diagnosis of the problem. Otherwise you just get a generic "internal
error" message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22066)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_channel.c | 13 | ||||
-rw-r--r-- | ssl/quic/quic_impl.c | 1 |
2 files changed, 13 insertions, 1 deletions
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index ce938b70f0..7504f06dfc 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -44,6 +44,7 @@
 */
 #define DEFAULT_MAX_ACK_DELAY QUIC_DEFAULT_MAX_ACK_DELAY
+static void ch_save_err_state(QUIC_CHANNEL *ch);
 static void ch_rx_pre(QUIC_CHANNEL *ch);
 static int ch_rx(QUIC_CHANNEL *ch);
 static int ch_tx(QUIC_CHANNEL *ch);
@@ -2702,6 +2703,10 @@ int ossl_quic_channel_set_net_wbio(QUIC_CHANNEL *ch, BIO *net_wbio)
 */
 int ossl_quic_channel_start(QUIC_CHANNEL *ch)
 {
+ uint64_t error_code;
+ const char *error_msg;
+ ERR_STATE *error_state = NULL;
+
 if (ch->is_server)
 /*
 * This is not used by the server. The server moves to active
@@ -2730,8 +2735,14 @@ int ossl_quic_channel_start(QUIC_CHANNEL *ch)
 ch->doing_proactive_ver_neg = 0; /* not currently supported */
 /* Handshake layer: start (e.g. send CH). */
- if (!ossl_quic_tls_tick(ch->qtls))
+ ossl_quic_tls_tick(ch->qtls);
+
+ if (ossl_quic_tls_get_error(ch->qtls, &error_code, &error_msg,
+ &error_state)) {
+ ossl_quic_channel_raise_protocol_error_state(ch, error_code, 0,
+ error_msg, error_state);
 return 0;
+ }
 ossl_quic_reactor_tick(&ch->rtor, 0); /* best effort */
 return 1;
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index b632ad22db..beec26c019 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1524,6 +1524,7 @@ static int ensure_channel_started(QCTX *ctx)
 }
 if (!ossl_quic_channel_start(qc->ch)) {
+ ossl_quic_channel_restore_err_state(qc->ch);
 QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_INTERNAL_ERROR, "failed to start channel");
 return 0; |
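Review bot: In the third quic_channel.c hunk the return value of `ossl_quic_tls_tick(ch->qtls)` is now discarded, so ossl_quic_channel_start fails only when `ossl_quic_tls_get_error()` reports a stored error. The old code returned 0 on any tick failure; if some failure path inside ossl_quic_tls_tick (not visible here) returns 0 without recording an error, start would now go on to `ossl_quic_reactor_tick()` and return 1. I would keep the result, e.g. `ok = ossl_quic_tls_tick(ch->qtls);` followed after the get_error block by `if (!ok) return 0;`, or add a comment stating that every tick failure is guaranteed to be retrievable through ossl_quic_tls_get_error. The function body starts in the previous hunk and its closing brace is outside this one.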
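Review bot: `ossl_quic_channel_restore_err_state(qc->ch)` in the quic_impl.c hunk runs on every failure of ossl_quic_channel_start, while the quic_channel.c hunks show an error state being handed to the channel only on the TLS-error path; the `ch->is_server` early exit, for example, appears to save nothing. Presumably the restore is a no-op when the channel holds no saved state, but that function is not shown here and is worth confirming. A short comment would make the intended ordering explicit, e.g. `/* Put any TLS errors saved by the channel back on the error queue before adding ours */`. ensure_channel_started begins and ends outside the hunk.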