openssl 3.0.0 / 1.1.1.e introduced a behavior change. When the peer s…

[esohns]

…imply closes the connection without notifying its client, a specific error is now generated by SSL. With this commit, ACE_SSL handles this error gracefully.

Also, this patch includes some minor code cleanup such as more consistent error handling in the same file.

Summary by CodeRabbit

• Bug Fixes
  • Enhanced error reporting for secure communications, ensuring more consistent behavior during connection disruptions.
• Refactor
  • Streamlined control flow for non-blocking operations, leading to improved reliability.
• Chores
  • Updated dependencies to support advanced error detection and handling.

[coderabbitai]

Walkthrough

The changes update the error handling and control flow within the ACE_SSL_SOCK_Stream class. Enhancements include better management of specific SSL error cases in the recv_i method, improved timeout checks for non-blocking operations in both recv_i and send_i, and clearer error retrieval in the close method. New OpenSSL headers have been added for refined error processing. These modifications focus on using more explicit variable scoping and separation of concerns while capturing the last error appropriately.

Changes

File Path

Change Summary

ACE/ace/SSL/SSL_SOCK_Stream.inl

- Enhanced error handling in recv_i: Adds case for SSL_ERROR_SSL with check for SSL_R_UNEXPECTED_EOF_WHILE_READING and refined handling for SSL_ERROR_WANT_READ/WANT_WRITE (with timeout checks). - Uses local constant for substat variable. - Modifies close method to use a separate variable (status_2) for error retrieval and ensures ACE_OS::set_errno_to_last_error() is called appropriately. - Adds OpenSSL header includes.

Sequence Diagram(s)

Loading

sequenceDiagram
    participant App as Application
    participant Stream as ACE_SSL_SOCK_Stream::recv_i
    participant OpenSSL as OpenSSL Lib
    participant Error as Error Handler

    App->>Stream: Call recv_i()
    Stream->>OpenSSL: Perform SSL_read
    OpenSSL-->>Stream: Result/Error Code
    Stream->>Stream: Call SSL_get_error()
    alt Error is SSL_ERROR_SSL with unexpected EOF
        Stream->>Error: Process default error handling
    else Error is SSL_ERROR_WANT_READ/WANT_WRITE
        Stream->>Stream: Check for timeout
        alt No timeout
            Stream->>Error: Set errno to EWOULDBLOCK
        end
    else Other errors
        Stream->>Error: Handle error normally
    end
    Stream-->>App: Return result or error

Loading

sequenceDiagram
    participant App as Application
    participant Stream as ACE_SSL_SOCK_Stream::close
    participant OpenSSL as OpenSSL Lib
    participant Error as Error Reporter

    App->>Stream: Call close()
    Stream->>OpenSSL: Retrieve error status via SSL_get_error
    OpenSSL-->>Stream: Error status (status_2)
    Stream->>Error: Call ACE_OS::set_errno_to_last_error()
    Stream-->>App: Return close status

Poem

I'm a bunny hopping through the code,
Tweaks and fixes light my humble abode.
Error paths now clear as day,
In recv and close I hop away.
With OpenSSL by my side, I cheer—
CodeRabbit magic, oh so dear!
🐰✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

ACE/ace/SSL/SSL_SOCK_Stream.inl (1)

191-232: Conditional logic for unexpected OpenSSL EOF looks correct; consider avoiding goto.
Using goto default_ is functional and follows ACE's style in some areas, yet it can reduce clarity. A structured approach or direct branching might be preferable in more modern C++.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 13acc82 and 926f2a6.

📒 Files selected for processing (1)

• ACE/ace/SSL/SSL_SOCK_Stream.inl (6 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (21)

• GitHub Check: ubuntu-20.04 g++-10 CodeQL
• GitHub Check: ubuntu-20.04 g++-10 ACE for TAO
• GitHub Check: ubuntu-20.04 g++-10 CORBA/e compact
• GitHub Check: ubuntu-22.04 clang++-16
• GitHub Check: ubuntu-22.04 clang++-15
• GitHub Check: ubuntu-22.04 clang++-14
• GitHub Check: ubuntu-20.04 clang++-13
• GitHub Check: ubuntu-20.04 clang++-12
• GitHub Check: ubuntu-20.04 clang++-11
• GitHub Check: ubuntu-20.04 clang++-10
• GitHub Check: ubuntu-20.04 clang++-9
• GitHub Check: ubuntu-20.04 clang++-8
• GitHub Check: ubuntu-20.04 clang++-7
• GitHub Check: ubuntu-20.04 clang++-6.0
• GitHub Check: Codacy Static Code Analysis
• GitHub Check: windows-2019 vs2019
• GitHub Check: macos-14-C++
• GitHub Check: ubuntu-22.04 g++-12
• GitHub Check: macos-13-C++
• GitHub Check: ubuntu-20.04 g++-10
• GitHub Check: alpine-3.18

🔇 Additional comments (3)

ACE/ace/SSL/SSL_SOCK_Stream.inl (3)

2-3: Includes look appropriate.
These headers are correctly added for OpenSSL-specific functionality and refined error handling.

---

159-180: Ensure negative return from ACE::handle_ready() is handled.
When ACE::handle_ready() returns -1, the code sets bytes_read to -1 but doesn't explicitly set errno. Verify that ACE::handle_ready() or subsequent code paths properly set errno so that upstream callers can accurately diagnose the failure.

---

346-376: Refined error handling in close() is consistent and clear.
Storing the result of SSL_get_error() in a separate variable and explicitly resetting the handle upon error helps maintain clarity and consistency. No issues found.