Print handshake errors in a better way

We completely ignore the ErrorStack value if it is an X509 verification failure.
2021-03-04 12:17:24 +01:00 · 2021-03-04 12:17:24 +01:00 · 51734088ef
parent 8274492b95
commit 51734088ef
1 changed files with 49 additions and 14 deletions
--- a/boring/src/ssl/error.rs
+++ b/boring/src/ssl/error.rs
@ -4,6 +4,7 @@ use std::error;
 use std::error::Error as StdError;
 use std::fmt;
 use std::io;
+use std::path::Path;

 use error::ErrorStack;
 use ssl::MidHandshakeSslStream;
@ -150,29 +151,63 @@ impl<S: fmt::Debug> StdError for HandshakeError<S> {
    }
 }

-impl<S: fmt::Debug> fmt::Display for HandshakeError<S> {
+impl<S> fmt::Display for HandshakeError<S> {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match *self {
-            HandshakeError::SetupFailure(ref e) => write!(f, "stream setup failed: {}", e)?,
-            HandshakeError::Failure(ref s) => {
-                write!(f, "the handshake failed: {}", s.error())?;
-                let verify = s.ssl().verify_result();
-                if verify != X509VerifyResult::OK {
-                    write!(f, ": {}", verify)?;
-                }
+            HandshakeError::SetupFailure(ref e) => {
+                write!(f, "TLS stream setup failed:\n\n{}", e)
            }
+            HandshakeError::Failure(ref s) => fmt_mid_handshake_error(s, f, "TLS handshake failed"),
            HandshakeError::WouldBlock(ref s) => {
-                write!(f, "the handshake was interrupted: {}", s.error())?;
-                let verify = s.ssl().verify_result();
-                if verify != X509VerifyResult::OK {
-                    write!(f, ": {}", verify)?;
-                }
+                fmt_mid_handshake_error(s, f, "TLS handshake interrupted")
            }
        }
-        Ok(())
    }
 }

+fn fmt_mid_handshake_error(
+    s: &MidHandshakeSslStream<impl Sized>,
+    f: &mut fmt::Formatter,
+    prefix: &str,
+) -> fmt::Result {
+    match s.ssl().verify_result() {
+        X509VerifyResult::OK => write!(f, "{}", prefix)?,
+        verify => write!(f, "{}: cert verification failed - {}", prefix, verify)?,
+    }
+
+    if let Some(error) = s.error().io_error() {
+        return write!(f, " ({})", error);
+    }
+
+    if let Some(error) = s.error().ssl_error() {
+        let errors = error.errors();
+
+        if errors.is_empty() {
+            return Ok(());
+        }
+
+        f.write_str(":\n")?;
+
+        for error in errors {
+            let path = error.file();
+            let file = Path::new(path)
+                .file_name()
+                .and_then(|name| name.to_str())
+                .unwrap_or(path);
+
+            write!(
+                f,
+                "\n{} [{}] ({}:{})",
+                error.reason().unwrap_or("unknown error"),
+                error.code(),
+                file,
+                error.line()
+            )?;
+        }
+    }
+    Ok(())
+}
+
 impl<S> From<ErrorStack> for HandshakeError<S> {
    fn from(e: ErrorStack) -> HandshakeError<S> {
        HandshakeError::SetupFailure(e)