Added error callback infrastructure.

This adds three levels and four kinds of callbacks for reporting errors
from Serf: global, context-specific and (incoming or outgoing) connection
-specific. Request and response code will use their their connection's
callback, but add extra flags to indicate the source of the error message.

The SSL code in ssl_buckets.c uses an error context that callers can (or
rather "will be able to") define so that error messages get sent to
the appropriate, caller-specific callback. This part is not yet implemented
because it requires revising some of our SSL APIs.

* CMakeLists.txt: Check if <unistd.h> is available, used by tests.
  (SOURCES): Add the error_callbacks.c file.
* SConstruct: Check for <unistd.h>, as above.

* serf.h: Add public error callback prototypes and constants.
   Too many of them to list here individually.

* serf_bucket_types.h
  (serf_ssl_error_cb_set, serf_ssl_error_cb_t): Removed, obsolete.

* serf_private.h: Add private helpers for sending error messages to
   callbacks and the ssl_context infrastructure for handling errors.
  (serf_context_t): Add error_callback and error_callback_baton.
  (serf_incoming_t): Likewise.
  (serf_connection_t): Here, too.

* buckets/ssl_buckets.c:
   Update all calls to the removed ssl-specific error callback to use
   the new dispatch_ssl_error.
  (serf_ssl_context_t) Remove error_callback and error_baton.
  (global_error_ctx): New fallback error context, sends to global callback.
  (dispatch_ssl_error): New, calls an error context's dispatcher.
  (log_ssl_error): Use dispatch_ssl_error().

* src/error_callbacks.c: New file. Implements all the private helpers
   declared in serf_private.h, and also:
  (serf_global_error_callback_set): Implement here.

* src/context.c
  (serf_context_error_callback_set): Implement here.

* src/incoming.c
  (serf_incoming_error_callback_set): Implement here.

* src/outgoing.c
  (serf_connection_error_callback_set): Implement here.

* test/test_util.c
  (isatty): Import from headers if available, otherwise fake it.
  (test_error_callback): New, an error callback for the test suite.
  (setup_test_context): Register test_error_callback in verbose mode.


git-svn-id: https://svn.apache.org/repos/asf/serf/trunk@1931047 13f79535-47bb-0310-9956-ffa450edef68

Author: brainy

CMakeLists.txt

@@ -137,6 +137,7 @@ list(APPEND EXPORTS_BLACKLIST
 list(APPEND SOURCES
     "src/config_store.c"
     "src/context.c"
+    "src/error_callbacks.c"
     "src/deprecated.c"
     "src/incoming.c"
     "src/inet_pton.c"
@@ -393,6 +394,7 @@ CheckFunction("SSL_library_init" "" "SERF_HAVE_OPENSSL_SSL_LIBRARY_INIT"
               "openssl/ssl.h" "${OPENSSL_INCLUDE_DIR}"
               ${OPENSSL_LIBRARIES} ${SERF_STANDARD_LIBRARIES})
 CheckHeader("stdbool.h" "HAVE_STDBOOL_H=1")
+CheckHeader("unistd.h" "HAVE_UNISTD_H=1")
 CheckType("OSSL_HANDSHAKE_STATE" "openssl/ssl.h" "SERF_HAVE_OSSL_HANDSHAKE_STATE" ${OPENSSL_INCLUDE_DIR})
 if(Brotli_FOUND)
   CheckType("BrotliDecoderResult" "brotli/decode.h" "SERF_HAVE_BROTLI_DECODER_RESULT" ${BROTLI_INCLUDE_DIR})

SConstruct

@@ -727,6 +727,8 @@ if CALLOUT_OKAY:
   ### some configuration stuffs
   if conf.CheckCHeader('stdbool.h'):
     env.Append(CPPDEFINES=['HAVE_STDBOOL_H'])
+  if conf.CheckCHeader('unistd.h'):
+    env.Append(CPPDEFINES=['HAVE_UNISTD_H'])
 
   env = conf.Finish()
 

buckets/ssl_buckets.c

@@ -206,10 +206,6 @@ struct serf_ssl_context_t {
     X509 *cached_cert;
     EVP_PKEY *cached_cert_pw;
 
-    /* Error callback */
-    serf_ssl_error_cb_t error_callback;
-    void *error_baton;
-
     apr_status_t pending_err;
 
     /* Status of a fatal error, returned on subsequent encrypt or decrypt
@@ -229,6 +225,31 @@ struct serf_ssl_context_t {
     serf_config_t *config;
 };
 
+/* The fallback SSL error context which logs to the global error callback. */
+static const serf__ssl_error_ctx_t global_error_ctx = {
+    serf__global_ssl_error,     /* dispatcher */
+    NULL                        /* baton */
+};
+
+static apr_status_t dispatch_ssl_error(const serf__ssl_error_ctx_t *err_ctx,
+                                       apr_status_t status,
+                                       const char *message)
+{
+    return err_ctx->dispatch(err_ctx->baton, status, message);
+}
+
+static void log_ssl_error(const serf__ssl_error_ctx_t *err_ctx,
+                          apr_status_t status)
+{
+    unsigned long err;
+
+    while ((err = ERR_get_error())) {
+        char ebuf[256];
+        ERR_error_string_n(err, ebuf, sizeof(ebuf));
+        dispatch_ssl_error(err_ctx, status, ebuf);
+    }
+}
+
 typedef struct ssl_context_t {
     /* The bucket-independent ssl context that this bucket is associated with */
     serf_ssl_context_t *ssl_ctx;
@@ -355,21 +376,6 @@ detect_renegotiate(const SSL *s, int where, int ret)
     }
 }
 
-static void log_ssl_error(serf_ssl_context_t *ctx)
-{
-    unsigned long err;
-
-    while ((err = ERR_get_error())) {
-
-        if (err && ctx->error_callback) {
-            char ebuf[256];
-            ERR_error_string_n(err, ebuf, sizeof(ebuf));
-            ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-        }
-
-    }
-}
-
 static void bio_set_data(BIO *bio, void *data)
 {
 #ifndef SERF_NO_SSL_BIO_WRAPPERS
@@ -1096,7 +1102,7 @@ static apr_status_t status_from_ssl_error(serf_ssl_context_t *ctx,
                     ctx->fatal_err = SERF_ERROR_SSL_COMM_FAILED;
 
                 status = ctx->fatal_err;
-                log_ssl_error(ctx);
+                log_ssl_error(&global_error_ctx, status);
             }
             break;
 
@@ -1110,7 +1116,7 @@ static apr_status_t status_from_ssl_error(serf_ssl_context_t *ctx,
 
         default:
             status = ctx->fatal_err = SERF_ERROR_SSL_COMM_FAILED;
-            log_ssl_error(ctx);
+            log_ssl_error(&global_error_ctx, status);
             break;
     }
 
@@ -1217,7 +1223,7 @@ static apr_status_t ssl_decrypt(void *baton, apr_size_t bufsize,
         } else {
             /* A fatal error occurred. */
             ctx->fatal_err = status = SERF_ERROR_SSL_COMM_FAILED;
-            log_ssl_error(ctx);
+            log_ssl_error(&global_error_ctx, status);
         }
     } else {
         *len = ssl_len;
@@ -1675,14 +1681,12 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
 
         store = OSSL_STORE_open(cert_uri, ui_method, ctx, NULL, NULL);
         if (!store) {
+            char ebuf[1024];
+            ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
+            apr_snprintf(ebuf, sizeof(ebuf), "could not open URI: %s", cert_uri);
+            dispatch_ssl_error(&global_error_ctx, ctx->fatal_err, ebuf);
 
-            if (ctx->error_callback) {
-                char ebuf[1024];
-                ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
-                apr_snprintf(ebuf, sizeof(ebuf), "could not open URI: %s", cert_uri);
-                ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-            }
-
+            log_ssl_error(&global_error_ctx, ctx->fatal_err);
             break;
         }
 
@@ -1697,14 +1701,12 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
             }
 
             if (!info) {
+                char ebuf[1024];
+                ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
+                apr_snprintf(ebuf, sizeof(ebuf), "could not read URI: %s", cert_uri);
+                dispatch_ssl_error(&global_error_ctx, ctx->fatal_err, ebuf);
 
-                if (ctx->error_callback) {
-                    char ebuf[1024];
-                    ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
-                    apr_snprintf(ebuf, sizeof(ebuf), "could not read URI: %s", cert_uri);
-                    ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-                }
-
+                log_ssl_error(&global_error_ctx, ctx->fatal_err);
                 break;
             }
 
@@ -1824,8 +1826,7 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
     UI_destroy_method(ui_method);
 
     if (ERR_peek_error()) {
-        log_ssl_error(ctx);
-
+        log_ssl_error(&global_error_ctx, ctx->fatal_err);
         return -1;
     }
 
@@ -1888,13 +1889,13 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
                                ctx->pool);
 
         if (status) {
-            if (ctx->error_callback) {
-                char ebuf[1024];
-                apr_snprintf(ebuf, sizeof(ebuf), "could not open PKCS12: %s", cert_path);
-                ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-                apr_strerror(status, ebuf, sizeof(ebuf));
-                ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-            }
+            char ebuf[1024];
+            apr_snprintf(ebuf, sizeof(ebuf), "could not open PKCS12: %s", cert_path);
+            dispatch_ssl_error(&global_error_ctx, status, ebuf);
+            apr_strerror(status, ebuf, sizeof(ebuf));
+            dispatch_ssl_error(&global_error_ctx, status, ebuf);
+
+            ctx->fatal_err = status;
             return -1;
         }
 
@@ -1926,10 +1927,12 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
             return 1;
         }
         else {
+            char ebuf[1024];
             unsigned long err = ERR_get_error();
             ERR_clear_error();
             if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 &&
-                ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE) {
+                ERR_GET_REASON(err) == PKCS12_R_MAC_VERIFY_FAILURE)
+            {
                 if (ctx->cert_pw_callback) {
                     const char *password;
 
@@ -1973,44 +1976,33 @@ static int ssl_need_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey)
                             return 1;
                         }
                         else {
+                            ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
+                            apr_snprintf(ebuf, sizeof(ebuf), "could not parse PKCS12: %s", cert_path);
+                            dispatch_ssl_error(&global_error_ctx, ctx->fatal_err, ebuf);
 
-                            if (ctx->error_callback) {
-                                char ebuf[1024];
-                                ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
-                                apr_snprintf(ebuf, sizeof(ebuf), "could not parse PKCS12: %s", cert_path);
-                                ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-                            }
-
-                            log_ssl_error(ctx);
+                            log_ssl_error(&global_error_ctx, ctx->fatal_err);
                             return -1;
                         }
                     }
                 }
                 PKCS12_free(p12);
                 bio_meth_free(biom);
 
-                if (ctx->error_callback) {
-                    char ebuf[1024];
-                    ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
-                    apr_snprintf(ebuf, sizeof(ebuf), "PKCS12 needs a password: %s", cert_path);
-                    ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-                }
+                ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
+                apr_snprintf(ebuf, sizeof(ebuf), "PKCS12 needs a password: %s", cert_path);
+                dispatch_ssl_error(&global_error_ctx, ctx->fatal_err, ebuf);
 
-                log_ssl_error(ctx);
+                log_ssl_error(&global_error_ctx, ctx->fatal_err);
                 return -1;
             }
             else {
                 PKCS12_free(p12);
                 bio_meth_free(biom);
 
-                if (ctx->error_callback) {
-                    char ebuf[1024];
-                    ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
-                    apr_snprintf(ebuf, sizeof(ebuf), "could not parse PKCS12: %s", cert_path);
-                    ctx->error_callback(ctx->error_baton, ctx->fatal_err, ebuf);
-                }
+                ctx->fatal_err = SERF_ERROR_SSL_CERT_FAILED;
+                dispatch_ssl_error(&global_error_ctx, ctx->fatal_err, ebuf);
 
-                log_ssl_error(ctx);
+                log_ssl_error(&global_error_ctx, ctx->fatal_err);
                 return -1;
             }
         }
@@ -2088,15 +2080,6 @@ void serf_ssl_server_cert_chain_callback_set(
     context->server_cert_userdata = data;
 }
 
-void serf_ssl_error_cb_set(
-    serf_ssl_context_t *context,
-    serf_ssl_error_cb_t callback,
-    void *baton)
-{
-    context->error_callback = callback;
-    context->error_baton = baton;
-}
-
 static int ssl_new_session(SSL *ssl, SSL_SESSION *session)
 {
     serf_ssl_context_t *ctx = SSL_get_app_data(ssl);
@@ -2162,9 +2145,6 @@ static serf_ssl_context_t *ssl_init_context(serf_bucket_alloc_t *allocator)
     ssl_ctx->protocol_callback = NULL;
     ssl_ctx->protocol_userdata = NULL;
 
-    ssl_ctx->error_callback = NULL;
-    ssl_ctx->error_baton = NULL;
-
     SSL_CTX_set_verify(ssl_ctx->ctx, SSL_VERIFY_PEER,
                        validate_server_certificate);
     SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_ALL);
@@ -2410,14 +2390,10 @@ apr_status_t serf_ssl_load_cert_file(
 
         return APR_SUCCESS;
     }
-#if 0
-    else {
-        /* If we'd have had a serf context *, we could have used serf logging */
-        ERR_print_errors_fp(stderr);
-    }
-#endif
 
-    return SERF_ERROR_SSL_CERT_FAILED;
+    status = SERF_ERROR_SSL_CERT_FAILED;
+    log_ssl_error(&global_error_ctx, status);
+    return status;
 }
 
 
@@ -2479,7 +2455,7 @@ apr_status_t serf_ssl_add_crl_from_file(serf_ssl_context_t *ssl_ctx,
     result = X509_STORE_add_crl(store, crl);
     if (!result) {
         ssl_ctx->fatal_err = status = SERF_ERROR_SSL_CERT_FAILED;
-        log_ssl_error(ssl_ctx);
+        log_ssl_error(&global_error_ctx, status);
         return status;
     }