Include better OpenSSL error information in NetLog.

net/ssl/openssl_ssl_util.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/openssl_ssl_util.h"
 
 #include <errno.h>
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
+#include "base/bind.h"
 #include "base/lazy_instance.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/values.h"
 #include "crypto/openssl_util.h"
 #include "net/base/net_errors.h"
 
 namespace net {
 
 SslSetClearMask::SslSetClearMask()
     : set_mask(0),
       clear_mask(0) {
 }
 
@@ skipping 22 matching lines @@
   unsigned net_error_lib_;
 };
 
 base::LazyInstance<OpenSSLNetErrorLibSingleton>::Leaky g_openssl_net_error_lib =
     LAZY_INSTANCE_INITIALIZER;
 
 unsigned OpenSSLNetErrorLib() {
   return g_openssl_net_error_lib.Get().net_error_lib();
 }
 
-int MapOpenSSLErrorSSL(unsigned long error_code) {
+int MapOpenSSLErrorSSL(uint32_t error_code) {
   DCHECK_EQ(ERR_LIB_SSL, ERR_GET_LIB(error_code));
 
   DVLOG(1) << "OpenSSL SSL error, reason: " << ERR_GET_REASON(error_code)
            << ", name: " << ERR_error_string(error_code, NULL);
   switch (ERR_GET_REASON(error_code)) {
     case SSL_R_READ_TIMEOUT_EXPIRED:
       return ERR_TIMED_OUT;
     case SSL_R_BAD_RESPONSE_ARGUMENT:
       return ERR_INVALID_ARGUMENT;
     case SSL_R_UNKNOWN_CERTIFICATE_TYPE:
@@ skipping 81 matching lines @@
       // the leaf certificate changed during a renegotiation.
       return ERR_SSL_SERVER_CERT_CHANGED;
     case SSL_AD_REASON_OFFSET + SSL3_AD_INAPPROPRIATE_FALLBACK:
       return ERR_SSL_INAPPROPRIATE_FALLBACK;
     default:
       LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code);
       return ERR_FAILED;
   }
 }
 
+base::Value* NetLogOpenSSLErrorCallback(int net_error,
+                                        int ssl_error,
+                                        uint32_t error_code,
+                                        const char* file,
+                                        int line,
+                                        NetLog::LogLevel /* log_level */) {
+  base::DictionaryValue* dict = new base::DictionaryValue();
+  dict->SetInteger("net_error", net_error);
+  dict->SetInteger("ssl_error", ssl_error);
+  if (error_code != 0) {
+    dict->SetInteger("error_lib", ERR_GET_LIB(error_code));
+    dict->SetInteger("error_reason", ERR_GET_REASON(error_code));

[Ryan Sleevi, 2014/08/25 06:24:35]

And we're guaranteed these will always be masks and never reach into something
like thread-local storage, right?

[davidben, 2014/08/26 22:13:51]

Yeah, that would be a pretty significant departure from how the API currently
works. I don't think you'd be able to make them not masks without serious hacks.
It needs to work with both ERR_get_error() and ERR_peek_error(), and the former
removes the error from the stack.

For more fun, there are fields that do come from per-thread storage, but you
extract them with a different API. Hence file/line being separate.

(I do actually want to eventually move ERR_GET_FUNC to per-thread storage
because the function codes are crazy. But I'm intentionally not calling that one
and the file/line information includes all that.)

+  }
+  if (file != NULL)
+    dict->SetString("file", file);
+  if (line != 0)
+    dict->SetInteger("line", line);
+  return dict;
+}
+
 }  // namespace
 
 void OpenSSLPutNetError(const tracked_objects::Location& location, int err) {
   // Net error codes are negative. Encode them as positive numbers.
   err = -err;
   if (err < 0 || err > 0xfff) {
     // OpenSSL reserves 12 bits for the reason code.
     NOTREACHED();
     err = ERR_INVALID_ARGUMENT;
   }
   ERR_put_error(OpenSSLNetErrorLib(), 0, err,
                 location.file_name(), location.line_number());
 }
 
 int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {
+  uint32_t error_code;
+  const char* file;
+  int line;
+  return MapOpenSSLErrorWithDetails(err, tracer, &error_code, &file, &line);
+}
+
+int MapOpenSSLErrorWithDetails(int err,
+                               const crypto::OpenSSLErrStackTracer& tracer,
+                               uint32_t* out_error_code,
+                               const char** out_file,
+                               int* out_line) {
+  *out_error_code = 0;
+  *out_file = NULL;
+  *out_line = 0;
+
   switch (err) {
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       return ERR_IO_PENDING;
     case SSL_ERROR_SYSCALL:
       LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "
                     "error queue: " << ERR_peek_error() << ", errno: "
                  << errno;
       return ERR_SSL_PROTOCOL_ERROR;
     case SSL_ERROR_SSL:
       // Walk down the error stack to find an SSL or net error.
-      unsigned long error_code;
+      uint32_t error_code;
+      const char* file;
+      int line;
       do {
-        error_code = ERR_get_error();
+        error_code = ERR_get_error_line(&file, &line);
         if (ERR_GET_LIB(error_code) == ERR_LIB_SSL) {
+          *out_error_code = error_code;
+          *out_file = file;
+          *out_line = line;
           return MapOpenSSLErrorSSL(error_code);
         } else if (ERR_GET_LIB(error_code) == OpenSSLNetErrorLib()) {
+          *out_error_code = error_code;
+          *out_file = file;
+          *out_line = line;
           // Net error codes are negative but encoded in OpenSSL as positive
           // numbers.
           return -ERR_GET_REASON(error_code);
         }
       } while (error_code != 0);
       return ERR_SSL_PROTOCOL_ERROR;
     default:
       // TODO(joth): Implement full mapping.
       LOG(WARNING) << "Unknown OpenSSL error " << err;
       return ERR_SSL_PROTOCOL_ERROR;
   }
 }
 
+NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(int net_error,
+                                                            int ssl_error,
+                                                            uint32_t error_code,
+                                                            const char* file,
+                                                            int line) {
+  return base::Bind(&NetLogOpenSSLErrorCallback,
+                    net_error, ssl_error, error_code, file, line);
+}
+
 }  // namespace net