lua-resty-string icon indicating copy to clipboard operation
lua-resty-string copied to clipboard

Published 20 hours ago verified publisher icon openresty

AES get error message

Open toruneko opened this issue 6 years ago • 4 comments

toruneko avatar Mar 30 '19 08:03 toruneko

This patch not only improves informativity but also eliminates the following alert in the nginx log:

[alert] ... ignoring stale global SSL error (<error message>)

The alert is emitted during the successful subsequent method call.

un-def avatar Jul 15 '20 14:07 un-def

@un-def could you help to add more test to cover the more error case?

syzh avatar Jul 18 '20 14:07 syzh

@syzh what error cases did you mean? Should we add test cases for each OpenSSL FFI call that can produce an error (in other words, cover each place where get_error is used, 8 different OpenSSL functions)?

BTW, I am not the author of this PR :) I just came across it when discovered the reason of stale global SSL error alerts in my logs.

un-def avatar Jul 19 '20 11:07 un-def

Hello Team,

I hope this PR has not been frozen in development, as the Decrypt Failures can lead to OpenSSL SSL Handshake errors, as the NGINX SSL Handshake Flow checks for errors in the process. (and this decrypt will show up and prevent successful SSL Handshake, even with a valid certificate)

I have for now bypassed this issue by calling the ERR_get_error in my own code if the decrypt returns nil, but this PR proposes a much cleaner and more unified solution.

👍 to this PR, please seriously review this as even unrelated decrypt failures cause SSL handshake errors and prevent successful requests.

Thanks!

RaidAndFade avatar Jul 15 '22 17:07 RaidAndFade