From f63e2f139a315a48963b15f4de1e196c6bb7b2d6 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Tue, 28 Jul 2009 14:48:37 +0100
Subject: net.server: Much improve SSL/TLS error reporting, do our best to understand and hide OpenSSL's ridiculously unfriendly error messages
---
 net/server.lua | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)
(limited to 'net')
diff --git a/net/server.lua b/net/server.lua
index 6fe72712..966006c1 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -181,20 +181,41 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco
 out_error "server.lua: wrong server sslctx"
 ssl = false
 end
- sslctx, err = ssl_newcontext( sslctx )
- if not sslctx then
+ local ctx;
+ ctx, err = ssl_newcontext( sslctx )
+ if not ctx then
 err = err or "wrong sslctx parameters"
- out_error( "server.lua: ", err )
+ local file;
+ file = err:match("^error loading (.-) %(");
+ if file then
+ if file == "private key" then
+ file = sslctx.key or "your private key";
+ elseif file == "certificate" then
+ file = sslctx.certificate or "your certificate file";
+ end
+ local reason = err:match("%((.+)%)$") or "some reason";
+ if reason == "Permission denied" then
+ reason = "Check that the permissions allow Prosody to read this file.";
+ elseif reason == "No such file or directory" then
+ reason = "Check that the path is correct, and the file exists.";
+ elseif reason == "system lib" then
+ reason = "Previous error (see logs), or other system error.";
+ else
+ reason = "Reason: "..tostring(reason or "unknown"):lower();
+ end
+ log("error", "SSL/TLS: Failed to load %s: %s", file, reason);
+ else
+ log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err );
+ end
 ssl = false
 end
+ sslctx = ctx;
 end
 if not ssl then
 sslctx = false;
 if startssl then
- out_error( "server.lua: Cannot start ssl on port: ", serverport )
+ log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport )
 return nil, "Cannot start ssl, see log for details"
- else
- out_put("server.lua: ", "ssl not enabled on ", serverport);
 end
 end
-- cgit v1.2.3
From 8ad65c2824d2ee3bd52175df34fdd7bd9d393231 Mon Sep 17 00:00:00 2001
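Review bot: When `ssl_newcontext` fails and `startssl` is not set, the `if not ssl then` block only sets `sslctx = false` and falls through, so the port is apparently still opened without TLS, and the removed `else` branch was the only message that named the port in that state. The new `Failed to load %s: %s` line names the file but not `serverport`, so the log does not show which listener lost encryption; consider adding, next to `ssl = false` in the failure branch, `log("warn", "SSL/TLS: disabled on port %d, connections will not be encrypted", serverport);`. The `startssl` message also reads "due to SSL/TLS to SSL/TLS initialisation errors", which looks like a duplicated phrase. `wrapserver` continues outside the hunk, so what happens to the listener after this block is inferred.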
From: Matthew Wild
Date: Tue, 28 Jul 2009 19:15:29 +0100
Subject: xmpp{client,server,component]_listener: Open stream if sending an error and it isn't already open. Fixes #120
---
 net/xmppclient_listener.lua | 5 +++++
 net/xmppcomponent_listener.lua | 5 +++++
 net/xmppserver_listener.lua | 5 +++++
 3 files changed, 15 insertions(+)
(limited to 'net')
diff --git a/net/xmppclient_listener.lua b/net/xmppclient_listener.lua
index 35838692..ce7788c7 100644
--- a/net/xmppclient_listener.lua
+++ b/net/xmppclient_listener.lua
@@ -69,9 +69,14 @@ end
 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
+local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:gsub("%|[^|]+$", ""), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" };
 local function session_close(session, reason)
 local log = session.log or log;
 if session.conn then
+ if session.notopen then
+ session.send("");
+ session.send(st.stanza("stream:stream", default_stream_attr):top_tag());
+ end
 if reason then
 if type(reason) == "string" then -- assume stream error
 log("info", "Disconnecting client, is: %s", reason);
diff --git a/net/xmppcomponent_listener.lua b/net/xmppcomponent_listener.lua
index e62bb810..36d74579 100644
--- a/net/xmppcomponent_listener.lua
+++ b/net/xmppcomponent_listener.lua
@@ -87,9 +87,14 @@ end
 --- Closing a component connection
 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
+local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:gsub("%|[^|]+$", ""), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" };
 local function session_close(session, reason)
 local log = session.log or log;
 if session.conn then
+ if session.notopen then
+ session.send("");
+ session.send(st.stanza("stream:stream", default_stream_attr):top_tag());
+ end
 if reason then
 if type(reason) == "string" then -- assume stream error
 log("info", "Disconnecting component, is: %s", reason);
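Review bot: `session.notopen` is still set after the added block in `session_close` has written the stream header, so any later pass through this path, or a stream-open handler testing the same flag, could write a second `stream:stream` open tag; clearing it right after the `top_tag()` send with `session.notopen = nil;` would make the block idempotent. The header is built from a module-level `default_stream_attr` with `id = ""` and no `from`, which deserves a comment such as `-- minimal header, only used to carry a stream error before the real stream was opened; shared table, do not modify`. The same lines are added in the `net/xmppcomponent_listener.lua` hunk below and, with `sends2s`, in `net/xmppserver_listener.lua`, so a shared helper would keep the three copies from drifting. `session_close` continues past the end of each hunk, so whether the flag is reset later is not visible here.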
diff --git a/net/xmppserver_listener.lua b/net/xmppserver_listener.lua
index 3cfcfe86..81d26526 100644
--- a/net/xmppserver_listener.lua
+++ b/net/xmppserver_listener.lua
@@ -69,9 +69,14 @@ end
 local stream_xmlns_attr = {xmlns='urn:ietf:params:xml:ns:xmpp-streams'};
+local default_stream_attr = { ["xmlns:stream"] = stream_callbacks.stream_tag:gsub("%|[^|]+$", ""), xmlns = stream_callbacks.default_ns, version = "1.0", id = "" };
 local function session_close(session, reason)
 local log = session.log or log;
 if session.conn then
+ if session.notopen then
+ session.sends2s("");
+ session.sends2s(st.stanza("stream:stream", default_stream_attr):top_tag());
+ end
 if reason then
 if type(reason) == "string" then -- assume stream error
 log("info", "Disconnecting %s[%s], is: %s", session.host or "(unknown host)", session.type, reason);
-- cgit v1.2.3
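Review bot: The `session.notopen` test in the s2s `session_close` does not consider which side opened the connection, while the log line just below prints `session.type`, which suggests this function closes more than one kind of session. If sessions this server initiated also carry `notopen` until the peer's header arrives (not visible in this hunk), a header already written at connect time would be followed by a second one here, and the peer would see malformed XML instead of the stream error. Worth confirming and, if so, guarding the block on our own header not having been sent yet, with a comment like `-- only for streams where we have not written our own header`. `session_close` continues outside the hunk.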