s2n-tls icon indicating copy to clipboard operation
s2n-tls copied to clipboard

Published 20 hours ago verified publisher icon aws

Capture OpenSSL error codes

Open danielsn opened this issue 7 years ago • 3 comments
trafficstars

OpenSSL has an error reporting mechanism https://www.openssl.org/docs/man1.0.2/crypto/err.html When we see an error calling an openSSL function, we should really take advantage of this error message.

danielsn avatar Feb 02 '18 19:02 danielsn

Probably the best way to do this is with a GUARD_OSSL(fun, S2N_ERROR_CODE) macro

danielsn avatar Feb 02 '18 19:02 danielsn

Openssl maintains an error queue per thread. An application using s2n may also want to use libcrypto directly for other reasons. It is best if s2n leaves the Openssl error queue in a sane state. When we hit a libcrypto error s2n I think it makes sense to immediately consume the error from the queue and save it in our own thread-local state.

raycoll avatar Feb 02 '18 21:02 raycoll

https://www.openssl.org/docs/man1.0.2/man3/ERR_get_error_line_data.html

danielsn avatar Jan 23 '20 21:01 danielsn

We are cleaning up stale feature requests. Please reopen this issue if you believe it should be reprioritized.

jouho avatar Jan 30 '25 18:01 jouho