how to return SSL error stack

Open mcr opened this issue 5 years ago • 2 comments

A number of routines (I'm debugging ossl_x509extfactory_create_ext) need to log the entire SSL error call stack in order to provide better diagnostics. I know how to get this out as a string, but I'm not sure what the best way to return the error is. I think that we should return an array of strings (it's an error stack), and it's only really ever gonna be meaningful to humans. Please advise.

mcr, Jan 28 '20 19:01

Shouldn't it just raise an error with a backtrace?

ioquatix, Jan 28 '20 22:01

Samuel Williams wrote:

> Shouldn't it just raise an error with a backtrace?

OpenSSL has a stack of errors which can be formatted as text.

a) this needs to be intelligently returned to the user, not just fprintf(stderr,)'ed, so that errors can be intelligently displayed. For instance, it's the only way to find out why a certificate with an obsolete algorithm won't load. (i.e. SHA1 inside RSA signature)

b) users should ideally rescue on some aspects of the backtrace, but each layer of the openssl system can return an error.

mcr, Jan 31 '20 16:01
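One shape the proposal in this thread could take on the Ruby side, as an added example (not code from ruby/openssl or from either commenter): an exception that carries the error stack as an array of strings in OpenSSL's `ERR_error_string()` text form and parses each entry so a caller can rescue on any layer. `ErrorStackEntry`, `StackedSSLError` and the sample stack lines are hypothetical and constructed for illustration.

```ruby
# Added illustration; ErrorStackEntry and StackedSSLError are hypothetical
# names, not part of the ruby/openssl API.
# Entry text form: error:<hex code>:<library>:<function>:<reason>
# (OpenSSL 3.x leaves the function field empty.)
ErrorStackEntry = Struct.new(:code, :library, :function, :reason, :raw) do
  def self.parse(line)
    tag, code, library, function, reason = line.strip.split(":", 5)
    unless tag == "error" && reason && code.match?(/\A\h+\z/)
      return new(nil, nil, nil, nil, line) # keep unparseable text as-is
    end
    new(code.to_i(16), library, function, reason, line)
  end
end

class StackedSSLError < StandardError
  attr_reader :stack # Array<ErrorStackEntry>, in the order supplied

  def initialize(message, lines)
    @stack = lines.map { |l| ErrorStackEntry.parse(l) }
    super(message)
  end

  # Human-readable form: the array of strings proposed in the thread.
  def stack_strings
    @stack.map(&:raw)
  end

  # Lets a rescuer branch on any layer of the stack, not only the last one.
  def reason?(pattern)
    @stack.any? { |e| e.reason && pattern === e.reason }
  end

  def libraries
    @stack.map(&:library).compact.uniq
  end
end

# Constructed sample stack (not captured from a real run); it mixes the
# 1.1.1 and 3.x line shapes to exercise both.
SAMPLE_STACK = [
  "error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag",
  "error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error",
  "error:0480006C:PEM routines::no start line",
].freeze

def demo
  raise StackedSSLError.new("certificate load failed", SAMPLE_STACK)
rescue StackedSSLError => e
  { nested: e.reason?(/nested asn1/), libs: e.libraries, depth: e.stack.size }
end
```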