SSL Improvements (2) #10866
Merged
SSL Improvements (2) #10866
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Change-Id: Iedd2713d405720b90e8bfb6d4b4edf4708dda751 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Change-Id: I2ab0e5e94071895d227f0469dd0f62a7d9310255 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Change-Id: I6235ec5a6e84ebcf6e9a4131fb0e94de961a61fe Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
SSL_ERROR_WANT_RETRY_VERIFY was added in version 3.0.1 of OpenSSL, so it's not available with 1.1.1. Also, simplify the version number comparison. Change-Id: Ie7315b2a3f96e2e81dabf9f4e032698f2ffbc9c3 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Change-Id: I4cd756422d6fb72e2132386ae0b0c1af6ca504af Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The catch-all case still needs to know what errors it could deal with, so we handle them properly. For now, we only expect SYSCALL and SSL errors only. Change-Id: I5a21abe636dfede4174d8be8cc8001fcdbfcc12d Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Change-Id: Icf459bf409c4f8422ce95bbbe279951799f313b2 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Some error can happen only with certain features. If these features are used, their error cases must be handled. The assertions is to catch if a feature is enabled without its corresponding error handling. Change-Id: Ifd1b926a95a692eccde44d2d60b2f353eb3d5ea1 Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
It's repetitive and error prone to restore errno before each return from the error handler. Change-Id: I7990c1a2f5c6b1730586e4c6e1774d929685448b Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
mmeeks
approved these changes
Jan 7, 2025
net/SslSocket.hpp
Outdated
| @@ -363,6 +363,7 @@ class SslStreamSocket final : public StreamSocket | |||
| // Not an error; should be handled elsewhere. | |||
| case SSL_ERROR_NONE: // 0 | |||
| LOG_TRC(SSL_LOG_PREFIX(context, sslError, rc, last_errno) << ": " << bioErrStr); | |||
| errno = last_errno; // Restore errno. | |||
There was a problem hiding this comment.
Would love to do this with some RAII guard class
There was a problem hiding this comment.
Sure, we could. What complicates it a little is that we override it in a couple of cases.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
More non-functional error-handling improvements.
This greatly simplifies error handling, without introducing any functional changes.
Functional changes will follow.