Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#1522 closed defect (fixed)

TLS/SSL error code issues with OpenSSL backend

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-2.0.1
Component: pjlib Version: common
Keywords: Cc:
Backport to 1.x milestone: release-1.16 Backported: yes

Description

Issues:

  1. OpenSSL error code range is too wide (consist of 3 fields: lib, func, reason) to fit into PJLIB error numbering space, so currently, only lib and reason error codes are kept/packed in pj_status_t using this formula: (lib_err*300+reason_err), but the 'shifter' 300 turns out to be too small and caused ambiguity.
  2. Export OpenSSL error code to PJSIP/PJSUA level. This can be useful as a backup or alternative solution of point 1 issue above.
  3. Misc error code related bugs:
    • avoid multiple error code retrievals on a failure, the latest retrieval will get zero.
    • should immediately retrieve more error code for details after getting SSL_ERROR_SSL error.
    • server socket: after handshake error, OpenSSL may need to write something first (e.g: notify error to client socket), so better flush write BIO first before closing the TCP socket.
    • client socket: after getting PJ_EEOF (server initiated disconnect), better check for OpenSSL error code, if any, replace the PJ_EEOF with OpenSSL error code.

Change History (4)

comment:1 Changed 7 years ago by nanang

  • Component changed from applications to pjlib

comment:2 Changed 7 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

In 4146:

Fix #1522:

  1. Updated the 'shifter' (expected max openssl reason code) to 1200.
  2. Done, added pj_ssl_sock_info::last_native_err. Also fixed pjsip/sip_transport_tls.c to include TLS transport specific info in invoking transport state callback on disconnection event.
  3. Fixed.

comment:3 Changed 6 years ago by nanang

In 4376:

Re #1522: backported to 1.x

comment:4 Changed 6 years ago by nanang

  • Backported set
Note: See TracTickets for help on using tickets.