qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Wall (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
Date Fri, 03 Aug 2018 10:25:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568060#comment-16568060

Keith Wall commented on PROTON-1886:

Currently if {{SSL_new}} fails, Proton does not record the contents of the thread's SSL error
queue.  This PR resolves this issue by directing the contents of the error queue to the transport's
tracer.  The lack of this information is hampering investigation of DISPATCH-1086.  This change
is likely to have general utility too.

To see this is action, I made a throw-away change to helloworld to enable SSL and then hacked
a situation where SSL_new would fail.  Setting PN_TRACE_DRV then gives this detail:

$ ./cpp/examples/helloworld_ssl
[0x7fc1cc403a00]:SSL socket setup failure.
[0x7fc1cc403a00]:error:140BA0C3:SSL routines:SSL_new:null ssl ctx
client SSL/TLS initialization error

> Expose diagnostic information from the openssl error queue when SSL_new fails.
> ------------------------------------------------------------------------------
>                 Key: PROTON-1886
>                 URL: https://issues.apache.org/jira/browse/PROTON-1886
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-c
>            Reporter: Keith Wall
>            Priority: Major
> If Proton C's call to [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057bcccc713eda/c/src/ssl/openssl.c#L1235]
fails currently proton logs only "SSL socket setup failure.". It would aid diagnostics if
the logged information revealed the underlying reason(s) why the failure occurred from the
openssl error queue/stack. This approach is suggested by the openssl SSL_new documentation.
> [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html]
> [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html]

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message