Browse code

tls: very verbose debug logging

Added very verbose debug messages. To enable them, compile with
-DTLS_RD_DEBUG for debugging the read path and with -DTLS_WR_DEBUG
for debugging the write path.

Andrei Pelinescu-Onciul authored on 22/06/2010 09:21:46
Showing 2 changed files
... ...
@@ -44,10 +44,10 @@
44 44
 #ifdef TLS_BIO_DEBUG
45 45
 	#ifdef __SUNPRO_C
46 46
 		#define TLS_BIO_DBG(...) \
47
-			LOG_(DEFAULT_FACILITY, L_INFO, "tls_BIO: " LOC_INFO, __VA_ARGS__)
47
+			LOG_(DEFAULT_FACILITY, L_INFO, "tls_BIO: " LOC_INFO,  __VA_ARGS__)
48 48
 	#else
49
-		#define TLS_BIO_DBG(fmt, args...) \
50
-			LOG_(DEFAULT_FACILITY, L_INFO, "tls_BIO: " LOC_INFO, fmt, ## args)
49
+		#define TLS_BIO_DBG(args...) \
50
+			LOG_(DEFAULT_FACILITY, L_INFO, "tls_BIO: " LOC_INFO, ## args)
51 51
 	#endif /* __SUNPRO_c */
52 52
 #else /* TLS_BIO_DEBUG */
53 53
 	#ifdef __SUNPRO_C
... ...
@@ -69,6 +69,65 @@
69 69
 #define TLS_RD_MBUF_SZ	65536
70 70
 #define TLS_WR_MBUF_SZ	65536
71 71
 
72
+
73
+/* debugging */
74
+#ifdef NO_TLS_RD_DEBUG
75
+#undef TLS_RD_DEBUG
76
+#endif
77
+
78
+#ifdef NO_TLS_WR_DEBUG
79
+#undef TLS_WR_DEBUG
80
+#endif
81
+#if defined TLS_RD_DEBUG || defined TLS_WR_DEBUG
82
+#define TLS_F_DEBUG
83
+#endif
84
+
85
+/* if NO_TLS_F_DEBUG or NO_TLS_DEBUG => no debug code */
86
+#if defined NO_TLS_F_DEBUG || defined NO_TLS_DEBUG
87
+#undef TLS_F_DEBUG
88
+#endif
89
+
90
+#ifdef TLS_F_DEBUG
91
+	#ifdef __SUNPRO_C
92
+		#define TLS_F_TRACE(fmt, ...) \
93
+			LOG_(DEFAULT_FACILITY, L_INFO, "TLS_TRACE: " LOC_INFO, " %s" fmt,\
94
+					_FUNC_NAME_,  __VA_ARGS__)
95
+	#else
96
+		#define TLS_F_TRACE(fmt, args...) \
97
+			LOG_(DEFAULT_FACILITY, L_INFO, "TLS_TRACE: " LOC_INFO, " %s" fmt,\
98
+					_FUNC_NAME_, ## args)
99
+	#endif /* __SUNPRO_c */
100
+#else /* TLS_F_DEBUG */
101
+	#ifdef __SUNPRO_C
102
+		#define TLS_F_TRACE(...)
103
+	#else
104
+		#define TLS_F_TRACE(fmt, args...)
105
+	#endif /* __SUNPRO_c */
106
+#endif /* TLS_F_DEBUG */
107
+
108
+/* tls_read debugging */
109
+#ifdef TLS_RD_DEBUG
110
+	#define TLS_RD_TRACE TLS_F_TRACE
111
+#else /* TLS_RD_DEBUG */
112
+	#ifdef __SUNPRO_C
113
+		#define TLS_RD_TRACE(...)
114
+	#else
115
+		#define TLS_RD_TRACE(fmt, args...)
116
+	#endif /* __SUNPRO_c */
117
+#endif /* TLS_RD_DEBUG */
118
+
119
+/* tls_write debugging */
120
+#ifdef TLS_WR_DEBUG
121
+	#define TLS_WR_TRACE TLS_F_TRACE
122
+#else /* TLS_RD_DEBUG */
123
+	#ifdef __SUNPRO_C
124
+		#define TLS_WR_TRACE(...)
125
+	#else
126
+		#define TLS_WR_TRACE(fmt, args...)
127
+	#endif /* __SUNPRO_c */
128
+#endif /* TLS_RD_DEBUG */
129
+
130
+
72 131
 /** finish the ssl init.
73 132
  * Creates the SSL and set extra_data to it.
74 133
  * Separated from tls_tcpconn_init to allow delayed ssl context
... ...
@@ -548,7 +607,7 @@ typedef int (*tcp_low_level_send_t)(int fd, struct tcp_connection *c,
548 548
 /** tls generic send function.
549 549
  * It is used by tls_do_send_f and tls_1st_send_f (which are wrappers
550 550
  * arround it).
551
- * WARNING: it must be called with c->write_lock held!
551
+ * WARNING: it must _not_ be called with c->write_lock held!
552 552
  * @param c - tcp connection
553 553
  * @param fd - valid file descriptor for the tcp connection
554 554
  * @param buf - data
... ...
@@ -556,6 +615,8 @@ typedef int (*tcp_low_level_send_t)(int fd, struct tcp_connection *c,
556 556
  * @param send_flags
557 557
  * @param resp - filled with a cmd. for tcp_main (@see tcpconn_do_send() for
558 558
  *               more details)
559
+ * @param tcp_do_send_f - callback for doing the tcp send (resp must
560
+ *                passed to it)
559 561
  * 
560 562
  * @return >=0 on success, < 0 on error && * resp == CON_ERROR.
561 563
  */
... ...
@@ -573,6 +634,10 @@ static int tls_generic_send(int fd, struct tcp_connection *c,
573 573
 	char* err_src;
574 574
 	int x;
575 575
 	
576
+	TLS_WR_TRACE("(%d, %p, %p, %d, send_flags, %p, %p) start (%s:%d* -> %s)\n",
577
+					fd, c, buf, len, resp, tcp_do_send_f,
578
+					ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port,
579
+					su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)));
576 580
 	*resp = CONN_NOP;
577 581
 	n = 0;
578 582
 	offs = 0;
... ...
@@ -590,6 +655,8 @@ static int tls_generic_send(int fd, struct tcp_connection *c,
590 590
 	ssl = tls_c->ssl;
591 591
 	/* clear text already queued (WANTS_READ) queue directly*/
592 592
 	if (unlikely(tls_write_wants_read(tls_c))) {
593
+		TLS_WR_TRACE("(%p) WANTS_READ queue present => queueing"
594
+						" (%d bytes,  %p + %d)\n", c, len - offs, buf, offs);
593 595
 		if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs) < 0)) {
594 596
 				ERR("ct write buffer full for %p (%d bytes)\n",
595 597
 						c, tls_c->ct_wq?tls_c->ct_wq->queued:0);
... ...
@@ -606,6 +673,7 @@ redo_wr:
606 606
 	}
607 607
 	if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
608 608
 		n = tls_connect(c, &ssl_error);
609
+		TLS_WR_TRACE("(%p) tls_connect() => %d (err=%d)\n", c, n, ssl_error);
609 610
 		if (unlikely(n>=1)) {
610 611
 			n = SSL_write(ssl, buf + offs, len - offs);
611 612
 			if (unlikely(n <= 0))
... ...
@@ -618,6 +686,7 @@ redo_wr:
618 618
 		}
619 619
 	} else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
620 620
 		n = tls_accept(c, &ssl_error);
621
+		TLS_WR_TRACE("(%p) tls_accept() => %d (err=%d)\n", c, n, ssl_error);
621 622
 		if (unlikely(n>=1)) {
622 623
 			n = SSL_write(ssl, buf + offs, len - offs);
623 624
 			if (unlikely(n <= 0))
... ...
@@ -633,7 +702,10 @@ redo_wr:
633 633
 		if (unlikely(n <= 0))
634 634
 			ssl_error = SSL_get_error(ssl, n);
635 635
 	}
636
+	TLS_WR_TRACE("(%p) SSL_write(%p + %d, %d) => %d (err=%d)\n",
637
+					c, buf, offs, len - offs, n, ssl_error);
636 638
 	if (wr.used ) {
639
+		TLS_WR_TRACE("(%p) sending (tcp) %d bytes\n", c, wr.used);
637 640
 		/* something was written */
638 641
 		if (unlikely( n < (len -offs)  && n >= 0)) {
639 642
 			/* if partial tls write, don't force close the tcp connection */
... ...
@@ -643,6 +715,8 @@ redo_wr:
643 643
 		if (unlikely(tcp_do_send_f(fd, c, (char*)wr.buf, wr.used,
644 644
 											send_flags, resp, 1) < 0)){
645 645
 			tls_set_mbufs(c, 0, 0);
646
+			TLS_WR_TRACE("(%p) tcp_do_send_f[%p] error sending %d bytes\n", c,
647
+							tcp_do_send_f, wr.used );
646 648
 			goto error_send;
647 649
 		}
648 650
 	}
... ...
@@ -659,6 +733,8 @@ redo_wr:
659 659
 				goto ssl_eof;
660 660
 			case SSL_ERROR_WANT_READ:
661 661
 				/* queue write buffer */
662
+				TLS_WR_TRACE("(%p) SSL_ERROR_WANT_READ => queueing for read"
663
+								" (%p + %d, %d)\n", c, buf, offs, len -offs);
662 664
 				if (unlikely(tls_ct_wq_add(&tls_c->ct_wq, buf+offs, len -offs)
663 665
 								< 0)) {
664 666
 					ERR("ct write buffer full (%d bytes)\n",
... ...
@@ -709,13 +785,18 @@ redo_wr:
709 709
 				goto bug;
710 710
 		}
711 711
 	} else if (unlikely(n < (len - offs))) {
712
-		/* partial ssl write => retry with the rest */
712
+		/* partial ssl write (possible if SSL_MODE_ENABLE_PARTIAL_WRITE) =>
713
+		   retry with the rest */
714
+		TLS_WR_TRACE("(%p) partial write (%d < %d, offset %d), retry\n",
715
+						c, n, len - offs, offs);
713 716
 		offs += n;
714 717
 		goto redo_wr;
715 718
 	}
716 719
 	tls_set_mbufs(c, 0, 0);
717 720
 end:
718 721
 	lock_release(&c->write_lock);
722
+	TLS_WR_TRACE("(%p) end (offs %d) => %d (*resp = %ld)\n",
723
+					c, len, len, *resp);
719 724
 	return len;
720 725
 error:
721 726
 error_send:
... ...
@@ -723,12 +804,16 @@ error_wq_full:
723 723
 bug:
724 724
 	tls_set_mbufs(c, 0, 0);
725 725
 	lock_release(&c->write_lock);
726
+	TLS_WR_TRACE("(%p) end error (offs %d) => (prev *resp = %ld)\n",
727
+					c, offs, *resp);
726 728
 	*resp = CONN_ERROR;
727 729
 	return -1;
728 730
 ssl_eof:
729 731
 	c->state = S_CONN_EOF;
730 732
 	lock_release(&c->write_lock);
731 733
 	DBG("TLS connection has been closed\n");
734
+	TLS_WR_TRACE("(%p) end EOF (offs %d) => (prev *resp = %ld)\n",
735
+					c, offs, *resp);
732 736
 	*resp = CONN_EOF;
733 737
 	return -1;
734 738
 }
... ...
@@ -738,7 +823,7 @@ ssl_eof:
738 738
 /** tls do_send callback.
739 739
  * It is called for all sends (by the tcp send code), except the first send
740 740
  * on an async connection (@see tls_1st_send).
741
- * WARNING: it must be called with c->write_lock held!
741
+ * WARNING: it must _not_ be called with c->write_lock held!
742 742
  * @param c - tcp connection
743 743
  * @param fd - valid file descriptor for the tcp connection
744 744
  * @param buf - data
... ...
@@ -762,7 +847,7 @@ int tls_do_send_f(int fd, struct tcp_connection *c,
762 762
 /** tls 1st_send callback.
763 763
  * It is called for the first send on an async tcp connection
764 764
  * (should be non-blocking).
765
- * WARNING: it must be called with c->write_lock held!
765
+ * WARNING: it must _not_ be called with c->write_lock held!
766 766
  * @param c - tcp connection
767 767
  * @param fd - valid file descriptor for the tcp connection
768 768
  * @param buf - data
... ...
@@ -823,15 +908,22 @@ int tls_read_f(struct tcp_connection* c, int* flags)
823 823
 	char* err_src;
824 824
 	int x;
825 825
 	
826
+	TLS_RD_TRACE("(%p, %p (%d)) start (%s -> %s:%d*)\n",
827
+					c, flags, *flags,
828
+					su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)),
829
+					ip_addr2a(&c->rcv.dst_ip), c->rcv.dst_port);
826 830
 	ssl_read = 0;
827 831
 	r = &c->req;
828 832
 	enc_rd_buf = 0;
829 833
 	*flags &= ~RD_CONN_REPEAT_READ;
830 834
 	if (unlikely(c->extra_data == 0)) {
835
+		TLS_RD_TRACE("(%p, %p) 0 extra_data => intialize\n", c, flags);
831 836
 		/* not yet fully init => lock & intialize */
832 837
 		lock_get(&c->write_lock);
833 838
 			if (tls_fix_connection(c) < 0) {
834 839
 				lock_release(&c->write_lock);
840
+				TLS_RD_TRACE("(%p, %p) end: tls_fix_connection failed =>"
841
+								" immediate error exit\n", c, flags);
835 842
 				return -1;
836 843
 			}
837 844
 		lock_release(&c->write_lock);
... ...
@@ -860,6 +952,9 @@ redo_read:
860 860
 		   there can't be parallel reads on the same connection */
861 861
 		enc_rd_buf = tls_c->enc_rd_buf;
862 862
 		tls_c->enc_rd_buf = 0;
863
+		TLS_RD_TRACE("(%p, %p) using queued data (%p: %p %d bytes)\n", c,
864
+					flags, enc_rd_buf, enc_rd_buf->buf + enc_rd_buf->pos,
865
+					enc_rd_buf->size - enc_rd_buf->pos);
863 866
 		tls_mbuf_init(&rd, enc_rd_buf->buf + enc_rd_buf->pos,
864 867
 						enc_rd_buf->size - enc_rd_buf->pos);
865 868
 		rd.used = enc_rd_buf->size - enc_rd_buf->pos;
... ...
@@ -867,6 +962,8 @@ redo_read:
867 867
 		/* if we were using using queued data before, free & reset the
868 868
 			the queued read data before performing the real read() */
869 869
 		if (unlikely(enc_rd_buf)) {
870
+			TLS_RD_TRACE("(%p, %p) reset prev. used enc_rd_buf (%p)\n", c,
871
+							flags, enc_rd_buf);
870 872
 			shm_free(enc_rd_buf);
871 873
 			enc_rd_buf = 0;
872 874
 		}
... ...
@@ -879,6 +976,8 @@ redo_read:
879 879
 			read_size = MIN_unsigned(rd.size, bytes_free);
880 880
 			bytes_read = tcp_read_data(c->fd, c, (char*)rd.buf, read_size,
881 881
 										flags);
882
+			TLS_RD_TRACE("(%p, %p) tcp_read_data(..., %d, *%d) => %d bytes\n",
883
+						c, flags, read_size, *flags, bytes_read);
882 884
 			/* try SSL_read even on 0 bytes read, it might have
883 885
 			   internally buffered data */
884 886
 			if (unlikely(bytes_read < 0)) {
... ...
@@ -903,9 +1002,11 @@ continue_ssl_read:
903 903
 		n = 0;
904 904
 		if (unlikely(tls_write_wants_read(tls_c) &&
905 905
 						!(*flags & RD_CONN_EOF))) {
906
-			DBG("tls write on read (WRITE_WANTS_READ)\n");
907 906
 			n = tls_ct_wq_flush(c, &tls_c->ct_wq, &flush_flags,
908 907
 								&ssl_error);
908
+			TLS_RD_TRACE("(%p, %p) tls write on read (WRITE_WANTS_READ):"
909
+							" ct_wq_flush()=> %d (ff=%d ssl_error=%d))\n",
910
+							c, flags, n, flush_flags, ssl_error);
909 911
 			if (unlikely(n < 0 )) {
910 912
 				tls_set_mbufs(c, 0, 0);
911 913
 				lock_release(&c->write_lock);
... ...
@@ -920,6 +1021,8 @@ continue_ssl_read:
920 920
 		if (likely(ssl_error == SSL_ERROR_NONE)) {
921 921
 			if (unlikely(tls_c->state == S_TLS_CONNECTING)) {
922 922
 				n = tls_connect(c, &ssl_error);
923
+				TLS_RD_TRACE("(%p, %p) tls_connect() => %d (err=%d)\n",
924
+								c, flags, n, ssl_error);
923 925
 				if (unlikely(n>=1)) {
924 926
 					n = SSL_read(ssl, r->pos, bytes_free);
925 927
 				} else {
... ...
@@ -933,6 +1036,8 @@ continue_ssl_read:
933 933
 				}
934 934
 			} else if (unlikely(tls_c->state == S_TLS_ACCEPTING)) {
935 935
 				n = tls_accept(c, &ssl_error);
936
+				TLS_RD_TRACE("(%p, %p) tls_accept() => %d (err=%d)\n",
937
+								c, flags, n, ssl_error);
936 938
 				if (unlikely(n>=1)) {
937 939
 					n = SSL_read(ssl, r->pos, bytes_free);
938 940
 				} else {
... ...
@@ -1000,38 +1105,31 @@ continue_ssl_read:
1000 1000
 			if (unlikely(n <= 0)) {
1001 1001
 				ssl_error = SSL_get_error(ssl, n);
1002 1002
 				err_src = "TLS read:";
1003
+				TLS_RD_TRACE("(%p, %p) SSL_read() err=%d\n",
1004
+								c, flags, ssl_error);
1003 1005
 				/*  errors handled below, outside the lock */
1004 1006
 			} else {
1005 1007
 				ssl_error = SSL_ERROR_NONE;
1006 1008
 				r->pos += n;
1007 1009
 				ssl_read += n;
1008 1010
 				bytes_free -=n;
1009
-#if 0
1010
-				/* SSL_pending() can be used only if readahead==0 and only
1011
-				   if the whole output buffer was filled => useless, rely
1012
-				   on repeating SSL_read() until WANT_READ */
1013
-				if (unlikely(SSL_pending(ssl)>0)) {
1014
-					/* SSL_pending() will return how much bytes
1015
-					   in the _current_ record did not fit in the buffer
1016
-					   provided to the latest SSL_read(). It will return
1017
-					   _0_ if the whole record was read, even if
1018
-					   openssl has more records buffered (readahead=1). */
1019
-					tls_c->flags |= F_TLS_CON_SSL_PENDING;
1020
-					/* there is more data which didn't fit in the provided
1021
-					   buffer => ask for a repeat */
1022
-					*flags |= RD_CONN_REPEAT_READ;
1023
-				}
1024
-#endif
1025 1011
 			}
1012
+			TLS_RD_TRACE("(%p, %p) SSL_read() => %d (err=%d) ssl_read=%d"
1013
+							"*flags=%d tls_c->flags=%d\n",
1014
+							c, flags, n, ssl_error, ssl_read, *flags,
1015
+							tls_c->flags);
1026 1016
 ssl_read_skipped:
1027 1017
 			;
1028 1018
 		}
1029 1019
 		if (unlikely(wr.used != 0 && ssl_error != SSL_ERROR_ZERO_RETURN)) {
1020
+			TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe %d bytes\n",
1021
+							c, flags, wr.used);
1030 1022
 			/* something was written and it's not ssl EOF*/
1031 1023
 			if (unlikely(tcpconn_send_unsafe(c->fd, c, (char*)wr.buf,
1032 1024
 											wr.used, c->send_flags) < 0)) {
1033 1025
 				tls_set_mbufs(c, 0, 0);
1034 1026
 				lock_release(&c->write_lock);
1027
+				TLS_RD_TRACE("(%p, %p) tcpconn_send_unsafe error\n", c, flags);
1035 1028
 				goto error_send;
1036 1029
 			}
1037 1030
 		}
... ...
@@ -1047,11 +1145,11 @@ ssl_read_skipped:
1047 1047
 			break;
1048 1048
 		case SSL_ERROR_ZERO_RETURN:
1049 1049
 			/* SSL EOF */
1050
-			DBG("tls_read: SSL EOF on %p, FD %d\n", c, c->fd);
1050
+			TLS_RD_TRACE("(%p, %p) SSL EOF (fd=%d)\n", c, flags, c->fd);
1051 1051
 			goto ssl_eof;
1052 1052
 		case SSL_ERROR_WANT_READ:
1053
-			/* reset the SSL_PENDING flag (in case we end here due to
1054
-			   a failed write buffer flush) */
1053
+			TLS_RD_TRACE("(%p, %p) SSL_ERROR_WANT_READ *flags=%d\n",
1054
+							c, flags, *flags);
1055 1055
 			/* needs to read more data */
1056 1056
 			if (unlikely(rd.pos != rd.used)) {
1057 1057
 				/* data still in the read buffer */
... ...
@@ -1065,6 +1163,8 @@ ssl_read_skipped:
1065 1065
 				/* there might still be data to read and there is space
1066 1066
 				   to decrypt it in tcp_req (no byte has been written into
1067 1067
 				    tcp_req in this case) */
1068
+				TLS_RD_TRACE("(%p, %p) redo read *flags=%d bytes_free=%d\n",
1069
+								c, flags, *flags, bytes_free);
1068 1070
 				goto redo_read;
1069 1071
 			}
1070 1072
 			goto end; /* no more data to read */
... ...
@@ -1128,6 +1228,10 @@ ssl_read_skipped:
1128 1128
 				  No tcp_read() is attempted, since that would reset the
1129 1129
 				  current no-yet-consumed input data.
1130 1130
 				 */
1131
+				TLS_RD_TRACE("(%p, %p) input not fully consumed =>"
1132
+								" retry SSL_read"
1133
+								" (pos: %d, remaining %d, output free %d)\n",
1134
+								c, flags, rd.pos, rd.used-rd.pos, bytes_free);
1131 1135
 				goto continue_ssl_read;
1132 1136
 			}
1133 1137
 			/* 1i or 1ip: bytes_free == 0
... ...
@@ -1136,6 +1240,8 @@ ssl_read_skipped:
1136 1136
 			    once there is some space in the output buffer.
1137 1137
 			 */
1138 1138
 			if (likely(!enc_rd_buf)) {
1139
+				TLS_RD_TRACE("(%p, %p) creating enc_rd_buf (for %d bytes)\n",
1140
+								c, flags, rd.used - rd.pos);
1139 1141
 				enc_rd_buf = shm_malloc(sizeof(*enc_rd_buf) -
1140 1142
 										sizeof(enc_rd_buf->buf) +
1141 1143
 										rd.used - rd.pos);
... ...
@@ -1150,6 +1256,9 @@ ssl_read_skipped:
1150 1150
 				memcpy(enc_rd_buf->buf, rd.buf + rd.pos,
1151 1151
 										enc_rd_buf->size);
1152 1152
 			} else if ((enc_rd_buf->buf + enc_rd_buf->pos) == rd.buf) {
1153
+				TLS_RD_TRACE("(%p, %p) enc_rd_buf already in use,"
1154
+								" updating pos %d\n",
1155
+								c, flags, enc_rd_buf->pos);
1153 1156
 				enc_rd_buf->pos += rd.pos;
1154 1157
 			} else {
1155 1158
 				BUG("enc_rd_buf->buf = %p, pos = %d, rd_buf.buf = %p\n",
... ...
@@ -1172,6 +1281,8 @@ ssl_read_skipped:
1172 1172
 			/* still space in the tcp unenc. req. buffer, no SSL_read error,
1173 1173
 			   not a short read and not an EOF (possible more data in
1174 1174
 			   the socket buffer) => try a new tcp read too */
1175
+			TLS_RD_TRACE("(%p, %p) retry read (still space and no short"
1176
+							" tcp read: %d)\n", c, flags, *flags);
1175 1177
 			goto redo_read;
1176 1178
 		} else {
1177 1179
 			/* don't tcp_read() anymore, but there might still be data
... ...
@@ -1179,6 +1290,8 @@ ssl_read_skipped:
1179 1179
 			   retry SSL_read() with the current full input buffer
1180 1180
 			   (if no more internally SSL buffered data => WANT_READ => exit).
1181 1181
 			 */
1182
+			TLS_RD_TRACE("(%p, %p) retry SSL_read only (*flags =%d)\n",
1183
+							c, flags, *flags);
1182 1184
 			goto continue_ssl_read;
1183 1185
 		}
1184 1186
 	} else {
... ...
@@ -1189,11 +1302,15 @@ ssl_read_skipped:
1189 1189
 		    some internal buffered data until we get WANT_READ, see
1190 1190
 			SSL_read() comment above) */
1191 1191
 		*flags |= RD_CONN_REPEAT_READ;
1192
+		TLS_RD_TRACE("(%p, %p) output filled, exit asking to be called again"
1193
+						" (*flags =%d)\n", c, flags, *flags);
1192 1194
 	}
1193 1195
 	
1194 1196
 end:
1195 1197
 	if (enc_rd_buf)
1196 1198
 		shm_free(enc_rd_buf);
1199
+	TLS_RD_TRACE("(%p, %p) end => %d (*flags=%d)\n",
1200
+					c, flags, ssl_read, *flags);
1197 1201
 	return ssl_read;
1198 1202
 ssl_eof:
1199 1203
 	/* behave as an EOF would have been received at the tcp level */
... ...
@@ -1201,6 +1318,8 @@ ssl_eof:
1201 1201
 		shm_free(enc_rd_buf);
1202 1202
 	c->state = S_CONN_EOF;
1203 1203
 	*flags |= RD_CONN_EOF;
1204
+	TLS_RD_TRACE("(%p, %p) end EOF => %d (*flags=%d)\n",
1205
+					c, flags, ssl_read, *flags);
1204 1206
 	return ssl_read;
1205 1207
 error_send:
1206 1208
 error:
... ...
@@ -1208,5 +1327,7 @@ bug:
1208 1208
 	if (enc_rd_buf)
1209 1209
 		shm_free(enc_rd_buf);
1210 1210
 	r->error=TCP_READ_ERROR;
1211
+	TLS_RD_TRACE("(%p, %p) end error => %d (*flags=%d)\n",
1212
+					c, flags, ssl_read, *flags);
1211 1213
 	return -1;
1212 1214
 }