#1522 closed defect (fixed)
TLS/SSL error code issues with OpenSSL backend
Reported by: | nanang | Owned by: | bennylp |
---|---|---|---|
Priority: | normal | Milestone: | release-2.0.1 |
Component: | pjlib | Version: | common |
Keywords: | Cc: | ||
Backport to 1.x milestone: | release-1.16 | Backported: | yes |
Description
Issues:
- OpenSSL error code range is too wide (consist of 3 fields: lib, func, reason) to fit into PJLIB error numbering space, so currently, only lib and reason error codes are kept/packed in pj_status_t using this formula: (lib_err*300+reason_err), but the 'shifter' 300 turns out to be too small and caused ambiguity.
- Export OpenSSL error code to PJSIP/PJSUA level. This can be useful as a backup or alternative solution of point 1 issue above.
- Misc error code related bugs:
- avoid multiple error code retrievals on a failure, the latest retrieval will get zero.
- should immediately retrieve more error code for details after getting SSL_ERROR_SSL error.
- server socket: after handshake error, OpenSSL may need to write something first (e.g: notify error to client socket), so better flush write BIO first before closing the TCP socket.
- client socket: after getting PJ_EEOF (server initiated disconnect), better check for OpenSSL error code, if any, replace the PJ_EEOF with OpenSSL error code.
Change History (4)
comment:1 Changed 13 years ago by nanang
- Component changed from applications to pjlib
comment:2 Changed 13 years ago by nanang
- Resolution set to fixed
- Status changed from new to closed
comment:3 Changed 12 years ago by nanang
In 4376:
comment:4 Changed 12 years ago by nanang
- Backported set
Note: See
TracTickets for help on using
tickets.
In 4146: