Pull request cloudflare#4: Rebase boring-rpk on latest upstream (bori…

…ng 1.1.4) Merge in ECO/boring-rpk from rpk to master * commit '24a7d1068260f169ac4b27ef603c1ed98d0d9566': Add RPK patch Add CI Bump boring to 1.1.4 Use Display for ssl::Error in Display for ssl::HandshakeError Tweak yet again the boring error reporting Bump boring to 1.1.3 Remove file/line from Display for HandshakeError Bump boring to 1.1.2, tokio-boring 2.1.1 Add tokio_boring::HandshakeError::as_source_stream Introduce MidHandshakeSslStream::into_parts Print handshake errors in a better way Separate errors in an error stack better
nox · Mar 18, 2021 · 54375d1 · 54375d1
2 parents 4d2fde9 + 24a7d10
commit 54375d1
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 21 deletions.
diff --git a/boring/Cargo.toml b/boring/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "boring"
-version = "1.1.1"
+version = "1.1.4"
 authors = ["Steven Fackler <[email protected]>", "Ivan Nikulin <[email protected]>"]
 license = "Apache-2.0"
 description = "BoringSSL bindings"

diff --git a/boring/src/error.rs b/boring/src/error.rs
@@ -60,16 +60,16 @@ impl ErrorStack {
 impl fmt::Display for ErrorStack {
     fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result {
         if self.0.is_empty() {
-            return fmt.write_str("OpenSSL error");
+            return fmt.write_str("unknown BoringSSL error");
         }
 
         let mut first = true;
         for err in &self.0 {
             if !first {
-                fmt.write_str(", ")?;
+                fmt.write_str(" ")?;
             }
-            write!(fmt, "{}", err)?;
             first = false;
+            write!(fmt, "[{}]", err.reason().unwrap_or("unknown reason"))?;
         }
         Ok(())
     }

diff --git a/boring/src/ssl/error.rs b/boring/src/ssl/error.rs
@@ -110,7 +110,7 @@ impl fmt::Display for Error {
             },
             ErrorCode::SSL => match self.ssl_error() {
                 Some(e) => write!(fmt, "{}", e),
-                None => fmt.write_str("OpenSSL error"),
+                None => fmt.write_str("unknown BoringSSL error"),
             },
             ErrorCode(code) => write!(fmt, "unknown error code {}", code),
         }
@@ -150,29 +150,33 @@ impl<S: fmt::Debug> StdError for HandshakeError<S> {
     }
 }
 
-impl<S: fmt::Debug> fmt::Display for HandshakeError<S> {
+impl<S> fmt::Display for HandshakeError<S> {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
         match *self {
-            HandshakeError::SetupFailure(ref e) => write!(f, "stream setup failed: {}", e)?,
-            HandshakeError::Failure(ref s) => {
-                write!(f, "the handshake failed: {}", s.error())?;
-                let verify = s.ssl().verify_result();
-                if verify != X509VerifyResult::OK {
-                    write!(f, ": {}", verify)?;
-                }
+            HandshakeError::SetupFailure(ref e) => {
+                write!(f, "TLS stream setup failed {}", e)
             }
+            HandshakeError::Failure(ref s) => fmt_mid_handshake_error(s, f, "TLS handshake failed"),
             HandshakeError::WouldBlock(ref s) => {
-                write!(f, "the handshake was interrupted: {}", s.error())?;
-                let verify = s.ssl().verify_result();
-                if verify != X509VerifyResult::OK {
-                    write!(f, ": {}", verify)?;
-                }
+                fmt_mid_handshake_error(s, f, "TLS handshake interrupted")
             }
         }
-        Ok(())
     }
 }
 
+fn fmt_mid_handshake_error(
+    s: &MidHandshakeSslStream<impl Sized>,
+    f: &mut fmt::Formatter,
+    prefix: &str,
+) -> fmt::Result {
+    match s.ssl().verify_result() {
+        X509VerifyResult::OK => write!(f, "{}", prefix)?,
+        verify => write!(f, "{}: cert verification failed - {}", prefix, verify)?,
+    }
+
+    write!(f, " {}", s.error())
+}
+
 impl<S> From<ErrorStack> for HandshakeError<S> {
     fn from(e: ErrorStack) -> HandshakeError<S> {
         HandshakeError::SetupFailure(e)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
@@ -2876,6 +2876,11 @@ impl<S> MidHandshakeSslStream<S> {
         self.stream.into_inner()
     }
 
+    /// Returns both the error and the source data stream, consuming `self`.
+    pub fn into_parts(self) -> (Error, S) {
+        (self.error, self.stream.into_inner())
+    }
+
     /// Restarts the handshake process.
     ///
     /// This corresponds to [`SSL_do_handshake`].

diff --git a/tokio-boring/Cargo.toml b/tokio-boring/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "tokio-boring"
-version = "2.1.0"
+version = "2.1.1"
 authors = ["Alex Crichton <[email protected]>", "Ivan Nikulin <[email protected]>"]
 license = "MIT/Apache-2.0"
 edition = "2018"

diff --git a/tokio-boring/src/lib.rs b/tokio-boring/src/lib.rs
@@ -277,13 +277,21 @@ impl<S> HandshakeError<S> {
         }
     }
 
-    /// Converts error to the source data stream tha was used for the handshake.
+    /// Converts error to the source data stream that was used for the handshake.
     pub fn into_source_stream(self) -> Option<S> {
         match self.0 {
             ssl::HandshakeError::Failure(s) => Some(s.into_source_stream().stream),
             _ => None,
         }
     }
+
+    /// Returns a reference to the source data stream.
+    pub fn as_source_stream(&self) -> Option<&S> {
+        match &self.0 {
+            ssl::HandshakeError::Failure(s) => Some(&s.get_ref().stream),
+            _ => None,
+        }
+    }
 }
 
 impl<S> fmt::Debug for HandshakeError<S>