Avoid function names when printing OpenSSL errors #133
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Return false in case the certificate is about to expire, causing the (only) caller to subsequently verify the proxy.
The mode passed to access is an int and not a string, like in fopen.
Just rely on the canonical loop over the error stack, without special treatment for an expired certificate, which is caught somewhere else in any case. Be sure that the data added to an error is a text string before printing it.
The code mentions OpenSSL functions related to error management, which has changed in OpenSSL 3, deprecating old practices.
The use of the function name in errors has been abandoned in OpenSSL 3. Profit to replace the use of sprintf with snprintf.
To be more compatible with how it was done before.
giacomini
deleted the
110-error-string-handling-for-openssl-300-needs-further-fixing
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With OpenSSL 3, function names are not included any more in SSL errors; trying to print them is then meaningless.
This PR mainly changes how the error message obtained from the queue of SSL errors is produced, relying on the canonical loop over the queue and avoiding function names.
Partially addresses #110. More work is needed to correctly register VOMS-specific errors, which doesn't seem quite right even in the current implementation.