<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11495">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">pjproject_bundled: Add peer information to most SSL/TLS errors<br><br>Most SSL/TLS error messages coming from pjproject now have either<br>the peer address:port or peer hostname, depending on what was<br>available at the time and code location where the error was<br>generated.<br><br>ASTERISK-28444<br>Reported by: Bernhard Schmidt<br><br>Change-Id: I41770e8a1ea5e96f6e16b236692c4269ce1ba91e<br>---<br>A third-party/pjproject/patches/0010-ssl_sock_ossl-sip_transport_tls-Add-peer-to-error-me.patch<br>1 file changed, 157 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/third-party/pjproject/patches/0010-ssl_sock_ossl-sip_transport_tls-Add-peer-to-error-me.patch b/third-party/pjproject/patches/0010-ssl_sock_ossl-sip_transport_tls-Add-peer-to-error-me.patch</span><br><span>new file mode 100644</span><br><span>index 0000000..53bde48</span><br><span>--- /dev/null</span><br><span>+++ b/third-party/pjproject/patches/0010-ssl_sock_ossl-sip_transport_tls-Add-peer-to-error-me.patch</span><br><span>@@ -0,0 +1,157 @@</span><br><span style="color: hsl(120, 100%, 40%);">+From 85b28c475b5dfd3b01dafffd1d0b3dbb6f087829 Mon Sep 17 00:00:00 2001</span><br><span style="color: hsl(120, 100%, 40%);">+From: George Joseph <gjoseph@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+Date: Thu, 27 Jun 2019 11:19:47 -0600</span><br><span style="color: hsl(120, 100%, 40%);">+Subject: [PATCH] ssl_sock_ossl/sip_transport_tls: Add peer to error messages</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Added peer address:port to error messages in ssl_sock_ossl.</span><br><span style="color: hsl(120, 100%, 40%);">+Added peer hostname to error messages in sip_transport_tls.</span><br><span style="color: hsl(120, 100%, 40%);">+---</span><br><span style="color: hsl(120, 100%, 
40%);">+ pjlib/src/pj/ssl_sock_ossl.c | 22 +++++++++++++---------</span><br><span style="color: hsl(120, 100%, 40%);">+ pjsip/src/pjsip/sip_transport_tls.c | 17 +++++++++--------</span><br><span style="color: hsl(120, 100%, 40%);">+ 2 files changed, 22 insertions(+), 17 deletions(-)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c</span><br><span style="color: hsl(120, 100%, 40%);">+index b4ac5c15f..42db8fdbe 100644</span><br><span style="color: hsl(120, 100%, 40%);">+--- a/pjlib/src/pj/ssl_sock_ossl.c</span><br><span>++++ b/pjlib/src/pj/ssl_sock_ossl.c</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -210,15 +210,19 @@ static char *SSLErrorString (int err)</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+-#define ERROR_LOG(msg, err) \</span><br><span style="color: hsl(120, 100%, 40%);">+- PJ_LOG(2,("SSL", "%s (%s): Level: %d err: <%lu> <%s-%s-%s> len: %d", \</span><br><span style="color: hsl(120, 100%, 40%);">++#define ERROR_LOG(msg, err, ssock) \</span><br><span style="color: hsl(120, 100%, 40%);">++{ \</span><br><span style="color: hsl(120, 100%, 40%);">++ char buf[PJ_INET6_ADDRSTRLEN+10]; \</span><br><span style="color: hsl(120, 100%, 40%);">++ PJ_LOG(2,("SSL", "%s (%s): Level: %d err: <%lu> <%s-%s-%s> len: %d peer: %s", \</span><br><span style="color: hsl(120, 100%, 40%);">+ msg, action, level, err, \</span><br><span style="color: hsl(120, 100%, 40%);">+ (ERR_lib_error_string(err)? ERR_lib_error_string(err): "???"), \</span><br><span style="color: hsl(120, 100%, 40%);">+ (ERR_func_error_string(err)? ERR_func_error_string(err):"???"),\</span><br><span style="color: hsl(120, 100%, 40%);">+ (ERR_reason_error_string(err)? 
\</span><br><span style="color: hsl(120, 100%, 40%);">+- ERR_reason_error_string(err): "???"), len));</span><br><span style="color: hsl(120, 100%, 40%);">++ ERR_reason_error_string(err): "???"), len, \</span><br><span style="color: hsl(120, 100%, 40%);">++ pj_sockaddr_print(&ssock->rem_addr, buf, sizeof(buf), 3))); \</span><br><span style="color: hsl(120, 100%, 40%);">++}</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+-static void SSLLogErrors(char * action, int ret, int ssl_err, int len)</span><br><span style="color: hsl(120, 100%, 40%);">++static void SSLLogErrors(char * action, int ret, int ssl_err, int len, pj_ssl_sock_t *ssock)</span><br><span style="color: hsl(120, 100%, 40%);">+ {</span><br><span style="color: hsl(120, 100%, 40%);">+ char *ssl_err_str = SSLErrorString(ssl_err);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+@@ -233,7 +237,7 @@ static void SSLLogErrors(char * action, int ret, int ssl_err, int len)</span><br><span style="color: hsl(120, 100%, 40%);">+ if (err2) {</span><br><span style="color: hsl(120, 100%, 40%);">+ int level = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ while (err2) {</span><br><span style="color: hsl(120, 100%, 40%);">+- ERROR_LOG("SSL_ERROR_SYSCALL", err2);</span><br><span style="color: hsl(120, 100%, 40%);">++ ERROR_LOG("SSL_ERROR_SYSCALL", err2, ssock);</span><br><span style="color: hsl(120, 100%, 40%);">+ level++;</span><br><span style="color: hsl(120, 100%, 40%);">+ err2 = ERR_get_error();</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -264,7 +268,7 @@ static void SSLLogErrors(char * action, int ret, int ssl_err, int len)</span><br><span style="color: hsl(120, 100%, 40%);">+ int level = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ while (err2) 
{</span><br><span style="color: hsl(120, 100%, 40%);">+- ERROR_LOG("SSL_ERROR_SSL", err2);</span><br><span style="color: hsl(120, 100%, 40%);">++ ERROR_LOG("SSL_ERROR_SSL", err2, ssock);</span><br><span style="color: hsl(120, 100%, 40%);">+ level++;</span><br><span style="color: hsl(120, 100%, 40%);">+ err2 = ERR_get_error();</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -302,13 +306,13 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,</span><br><span style="color: hsl(120, 100%, 40%);">+ int level = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ int len = 0; //dummy</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+- ERROR_LOG("STATUS_FROM_SSL_ERR", err);</span><br><span style="color: hsl(120, 100%, 40%);">++ ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);</span><br><span style="color: hsl(120, 100%, 40%);">+ level++;</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ /* General SSL error, dig more from OpenSSL error queue */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (err == SSL_ERROR_SSL) {</span><br><span style="color: hsl(120, 100%, 40%);">+ err = ERR_get_error();</span><br><span style="color: hsl(120, 100%, 40%);">+- ERROR_LOG("STATUS_FROM_SSL_ERR", err);</span><br><span style="color: hsl(120, 100%, 40%);">++ ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ ssock->last_err = err;</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -326,7 +330,7 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 
100%, 40%);">+ /* Dig for more from OpenSSL error queue */</span><br><span style="color: hsl(120, 100%, 40%);">+- SSLLogErrors(action, ret, err, len);</span><br><span style="color: hsl(120, 100%, 40%);">++ SSLLogErrors(action, ret, err, len, ssock);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ ssock->last_err = ssl_err;</span><br><span style="color: hsl(120, 100%, 40%);">+ return GET_STATUS_FROM_SSL_ERR(ssl_err);</span><br><span style="color: hsl(120, 100%, 40%);">+diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c</span><br><span style="color: hsl(120, 100%, 40%);">+index 38349aa7a..d40bc7ea3 100644</span><br><span style="color: hsl(120, 100%, 40%);">+--- a/pjsip/src/pjsip/sip_transport_tls.c</span><br><span>++++ b/pjsip/src/pjsip/sip_transport_tls.c</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -173,9 +173,10 @@ static void wipe_buf(pj_str_t *buf);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ static void tls_perror(const char *sender, const char *title,</span><br><span style="color: hsl(120, 100%, 40%);">+- pj_status_t status)</span><br><span style="color: hsl(120, 100%, 40%);">++ pj_status_t status, pj_str_t *remote_name)</span><br><span style="color: hsl(120, 100%, 40%);">+ {</span><br><span style="color: hsl(120, 100%, 40%);">+- PJ_PERROR(3,(sender, status, "%s: [code=%d]", title, status));</span><br><span style="color: hsl(120, 100%, 40%);">++ PJ_PERROR(3,(sender, status, "%s: [code=%d]%s%.*s", title, status,</span><br><span style="color: hsl(120, 100%, 40%);">++ remote_name ? " peer: " : "", remote_name ? remote_name->slen : 0, remote_name ? 
remote_name->ptr : ""));</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+@@ -730,7 +731,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_restart(pjsip_tpfactory *factory,</span><br><span style="color: hsl(120, 100%, 40%);">+ status = pjsip_tls_transport_lis_start(factory, local, a_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (status != PJ_SUCCESS) { </span><br><span style="color: hsl(120, 100%, 40%);">+ tls_perror(listener->factory.obj_name, </span><br><span style="color: hsl(120, 100%, 40%);">+- "Unable to start listener after closing it", status);</span><br><span style="color: hsl(120, 100%, 40%);">++ "Unable to start listener after closing it", status, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ return status;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -739,7 +740,7 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_restart(pjsip_tpfactory *factory,</span><br><span style="color: hsl(120, 100%, 40%);">+ &listener->factory);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (status != PJ_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ tls_perror(listener->factory.obj_name,</span><br><span style="color: hsl(120, 100%, 40%);">+- "Unable to register the transport listener", status);</span><br><span style="color: hsl(120, 100%, 40%);">++ "Unable to register the transport listener", status, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ listener->is_registered = PJ_FALSE; </span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -1085,7 +1086,7 @@ static pj_status_t tls_start_read(struct tls_transport 
*tls)</span><br><span style="color: hsl(120, 100%, 40%);">+ PJSIP_POOL_RDATA_LEN,</span><br><span style="color: hsl(120, 100%, 40%);">+ PJSIP_POOL_RDATA_INC);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!pool) {</span><br><span style="color: hsl(120, 100%, 40%);">+- tls_perror(tls->base.obj_name, "Unable to create pool", PJ_ENOMEM);</span><br><span style="color: hsl(120, 100%, 40%);">++ tls_perror(tls->base.obj_name, "Unable to create pool", PJ_ENOMEM, NULL);</span><br><span style="color: hsl(120, 100%, 40%);">+ return PJ_ENOMEM;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+@@ -1772,7 +1773,7 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Check connect() status */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (status != PJ_SUCCESS) {</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+- tls_perror(tls->base.obj_name, "TLS connect() error", status);</span><br><span style="color: hsl(120, 100%, 40%);">++ tls_perror(tls->base.obj_name, "TLS connect() error", status, &tls->remote_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Cancel all delayed transmits */</span><br><span style="color: hsl(120, 100%, 40%);">+ while (!pj_list_empty(&tls->delayed_list)) {</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -1916,7 +1917,7 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,</span><br><span style="color: hsl(120, 100%, 40%);">+ pjsip_transport_dec_ref(&tls->base);</span><br><span style="color: hsl(120, 100%, 40%);">+ if (is_shutdown) {</span><br><span style="color: hsl(120, 100%, 40%);">+ status = tls->close_reason;</span><br><span style="color: hsl(120, 100%, 40%);">+- tls_perror(tls->base.obj_name, "TLS connect() 
error", status);</span><br><span style="color: hsl(120, 100%, 40%);">++ tls_perror(tls->base.obj_name, "TLS connect() error", status, &tls->remote_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Cancel all delayed transmits */</span><br><span style="color: hsl(120, 100%, 40%);">+ while (!pj_list_empty(&tls->delayed_list)) {</span><br><span style="color: hsl(120, 100%, 40%);">+@@ -2015,7 +2016,7 @@ static void tls_keep_alive_timer(pj_timer_heap_t *th, pj_timer_entry *e)</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ if (status != PJ_SUCCESS && status != PJ_EPENDING) {</span><br><span style="color: hsl(120, 100%, 40%);">+ tls_perror(tls->base.obj_name, </span><br><span style="color: hsl(120, 100%, 40%);">+- "Error sending keep-alive packet", status);</span><br><span style="color: hsl(120, 100%, 40%);">++ "Error sending keep-alive packet", status, &tls->remote_name);</span><br><span style="color: hsl(120, 100%, 40%);">+ </span><br><span style="color: hsl(120, 100%, 40%);">+ tls_init_shutdown(tls, status);</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+-- </span><br><span style="color: hsl(120, 100%, 40%);">+2.21.0</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11495">change 11495</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11495"/><meta itemprop="name" content="View Change"/></div></div>
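Review bot: In the ssl_sock_ossl.c hunk at @@ -210,15 +210,19 @@, ERROR_LOG is now a bare { ... } block, so each call written as ERROR_LOG(..., ssock); expands to a block followed by an empty statement. That compiles at the call sites visible in this patch because each one is a standalone statement or sits inside a braced loop or if body, but it will break the first unbraced "if (...) ERROR_LOG(...); else ..." that is added later. Wrap the body in do { ... } while (0) instead. The macro argument should also be parenthesised where it is dereferenced, (ssock)->rem_addr. The literal 3 passed to pj_sockaddr_print deserves a one-line comment saying it requests the port plus IPv6 brackets, since buf is sized as PJ_INET6_ADDRSTRLEN+10 on exactly that assumption.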
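Review bot: In the tls_perror hunk of sip_transport_tls.c (@@ -173,9 +173,10 @@), the precision argument for "%.*s" is "remote_name ? remote_name->slen : 0", and a "*" precision has to be an int. The slen member of pj_str_t is a pj_ssize_t, which is wider than int on LP64 targets, so the variadic call passes the wrong argument size and the ptr argument that follows can be misread. Cast it: "remote_name ? (int)remote_name->slen : 0". The three repeated NULL tests on remote_name would also be easier to audit if the prefix, length and pointer were computed into locals before the PJ_PERROR call.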
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-Change-Id: I41770e8a1ea5e96f6e16b236692c4269ce1ba91e </div>
<div style="display:none"> Gerrit-Change-Number: 11495 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph &lt;gjoseph@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp &lt;jcolp@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-MessageType: merged </div>