define some return codes

dormando · May 22, 2024 · ce19ba1 · ce19ba1
1 parent 4ccee07
commit ce19ba1
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 28 deletions.
diff --git a/proxy_network.c b/proxy_network.c
@@ -1055,11 +1055,11 @@ static int _flush_pending_tls_write(struct mcp_backendconn_s *be) {
             be->can_write = false;
             flags |= EV_WRITE;
         }
-    } else if (sent == -1) {
+    } else if (sent == MCP_TLS_NEEDIO) {
         // want io
         be->can_write = false;
         flags |= EV_WRITE;
-    } else if (sent == -2) {
+    } else if (sent == MCP_TLS_ERR) {
         // hard error from tls
         flags = -1;
     }
@@ -1114,11 +1114,11 @@ static void proxy_bevalidate_tls_handler(const int fd, const short which, void *
             // not connected or error.
             _reset_bad_backend(be, P_BE_FAIL_DISCONNECTED);
             return;
-        } else if (read == -1) {
+        } else if (read == MCP_TLS_NEEDIO) {
             // try again failure.
             _set_main_event(be, be->event_thread->base, EV_READ, &tmp_time, proxy_bevalidate_tls_handler);
             return;
-        } else if (read == -2) {
+        } else if (read == MCP_TLS_ERR) {
             // hard failure.
             _reset_bad_backend(be, P_BE_FAIL_READING);
             return;
@@ -1189,13 +1189,13 @@ static void proxy_beconn_tls_handler(const int fd, const short which, void *arg)
 
     assert(be->validating);
     int ret = mcp_tls_handshake(be);
-    if (ret == 0) {
+    if (ret == MCP_TLS_NEEDIO) {
         // Need to try again.
         _set_main_event(be, be->event_thread->base, EV_READ, &tmp_time, proxy_beconn_tls_handler);
         return;
     } else if (ret == 1) {
         // handshake complete.
-        if (mcp_tls_send_validate(be) != 1) {
+        if (mcp_tls_send_validate(be) != MCP_TLS_OK) {
             _reset_bad_backend(be, P_BE_FAIL_BADVALIDATE);
             return;
         }
@@ -1364,10 +1364,10 @@ static void proxy_backend_tls_handler(const int fd, const short which, void *arg
             // not connected or error.
             _reset_bad_backend(be, P_BE_FAIL_DISCONNECTED);
             return;
-        } else if (read == -1) {
+        } else if (read == MCP_TLS_NEEDIO) {
             // sit on epoll again.
             return;
-        } else if (read == -2) {
+        } else if (read == MCP_TLS_ERR) {
             _reset_bad_backend(be, P_BE_FAIL_READING);
             return;
         }

diff --git a/proxy_tls.c b/proxy_tls.c
@@ -21,15 +21,16 @@
  *   SSL_connect()) for defense against bugs in our code or OpenSSL.
  */
 
+// TODO: int -> enum?
 int mcp_tls_init(proxy_ctx_t *ctx) {
     if (ctx->tls_ctx) {
-        return 0;
+        return MCP_TLS_OK;
     }
 
     // TODO: check for OpenSSL 1.1+ ? should be elsewhere in the code.
     SSL_CTX *tctx = SSL_CTX_new(TLS_client_method());
     if (tctx == NULL) {
-        return -1;
+        return MCP_TLS_ERR;
     }
 
     // TODO: make configurable like main cache server
@@ -43,19 +44,19 @@ int mcp_tls_init(proxy_ctx_t *ctx) {
 
 int mcp_tls_backend_init(proxy_ctx_t *ctx, struct mcp_backendconn_s *be) {
     if (!be->be_parent->tunables.use_tls) {
-        return 0;
+        return MCP_TLS_OK;
     }
 
     SSL *ssl = SSL_new(ctx->tls_ctx);
     if (ssl == NULL) {
-        return -1;
+        return MCP_TLS_ERR;
     }
 
     be->ssl = ssl;
     // SSL_set_fd() will free a pre-existing BIO and allocate a new one
     // so we set any file descriptor at connect time instead.
 
-    return 0;
+    return MCP_TLS_OK;
 }
 
 // Contrary to the name of this function, the underlying tcp socket must
@@ -66,35 +67,35 @@ int mcp_tls_connect(struct mcp_backendconn_s *be) {
 
     ERR_clear_error();
     int n = SSL_connect(be->ssl);
-    int ret = 1;
+    int ret = MCP_TLS_OK;
     // TODO: complete error handling.
     if (n == 1) {
         // Successfully established and handshake complete.
     } else if (n == 0) {
         // Not successsful, but shut down normally.
         ERR_clear_error();
-        ret = -1;
+        ret = MCP_TLS_ERR;
     } else if (n < 0) {
         // Not successful. Check for temporary error.
 
         // clear all errors in case of other junk.
         ERR_clear_error();
-        ret = -1;
+        ret = MCP_TLS_ERR;
     }
 
     return ret;
 }
 
 int mcp_tls_handshake(struct mcp_backendconn_s *be) {
     if (SSL_is_init_finished(be->ssl)) {
-        return 1;
+        return MCP_TLS_OK;
     }
 
     // Non hot path, so clear errors before running.
     ERR_clear_error();
     int n = SSL_do_handshake(be->ssl);
     if (n == 1) {
-        return 1;
+        return MCP_TLS_OK;
     }
 
     int err = SSL_get_error(be->ssl, n);
@@ -105,12 +106,12 @@ int mcp_tls_handshake(struct mcp_backendconn_s *be) {
         err == SSL_ERROR_WANT_WRITE) {
         // So far as I can tell there would be an error on the queue here.
         ERR_clear_error();
-        return 0;
+        return MCP_TLS_NEEDIO;
     } else {
         // TODO: can get the full error message and give to the caller to log
         // to proxyevents?
         ERR_clear_error();
-        return -1;
+        return MCP_TLS_ERR;
     }
 }
 
@@ -125,10 +126,10 @@ int mcp_tls_send_validate(struct mcp_backendconn_s *be) {
     // TODO: more detailed error checking.
     if (n < 0 || n != len) {
         ERR_clear_error();
-        return -1;
+        return MCP_TLS_ERR;
     }
 
-    return 1;
+    return MCP_TLS_OK;
 }
 
 int mcp_tls_read(struct mcp_backendconn_s *be) {
@@ -139,18 +140,18 @@ int mcp_tls_read(struct mcp_backendconn_s *be) {
         if (err == SSL_ERROR_WANT_WRITE ||
             err == SSL_ERROR_WANT_READ) {
             ERR_clear_error();
-            return -1;
+            return MCP_TLS_NEEDIO;
         } else {
             // TODO: log detailed error.
             ERR_clear_error();
-            return -2;
+            return MCP_TLS_ERR;
         }
     } else {
         be->rbufused += n;
         return n;
     }
 
-    return 1;
+    return 0;
 }
 
 // TODO: option.
@@ -167,7 +168,7 @@ int mcp_tls_writev(struct mcp_backendconn_s *be, int iovcnt) {
         et->tls_wbuf_size = TLS_WBUF_SIZE;
         et->tls_wbuf = malloc(et->tls_wbuf_size);
         if (et->tls_wbuf == NULL) {
-            return -2;
+            return MCP_TLS_ERR;
         }
     }
     size_t remain = et->tls_wbuf_size;
@@ -192,10 +193,10 @@ int mcp_tls_writev(struct mcp_backendconn_s *be, int iovcnt) {
         if (err == SSL_ERROR_WANT_WRITE ||
             err == SSL_ERROR_WANT_READ) {
             ERR_clear_error();
-            return -1;
+            return MCP_TLS_NEEDIO;
         }
         ERR_clear_error();
-        return -2;
+        return MCP_TLS_ERR;
     }
 
     return n;

diff --git a/proxy_tls.h b/proxy_tls.h
@@ -8,6 +8,12 @@
 // leaving the header empty and redefining everything in the .c file, but if
 // the balance changes we should switch to always doing that.
 
+enum mcp_tls_ret {
+    MCP_TLS_OK = 1,
+    MCP_TLS_NEEDIO = -1,
+    MCP_TLS_ERR = -2,
+};
+
 #ifdef PROXY_TLS
 int mcp_tls_init(proxy_ctx_t *ctx);
 int mcp_tls_backend_init(proxy_ctx_t *ctx, struct mcp_backendconn_s *be);