[
https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568060#comment-16568060
]
Keith Wall edited comment on PROTON-1886 at 8/3/18 10:25 AM:
-------------------------------------------------------------
Currently if {{SSL_new}} fails, Proton does not record the contents of the
thread's SSL error queue. This PR resolves this issue by directing the
contents of the error queue to the transport's tracer. The lack of this
information is hampering investigation of DISPATCH-1086. This change is likely
to have general utility too.
To see this is action, I made a throw-away change to helloworld to enable SSL
and then hacked a situation where SSL_new would fail. Running with
PN_TRACE_DRV set then gives this detail:
{noformat}
$ ./cpp/examples/helloworld_ssl
[0x7fc1cc403a00]:SSL socket setup failure.
[0x7fc1cc403a00]:error:140BA0C3:SSL routines:SSL_new:null ssl ctx
client SSL/TLS initialization error
{noformat}
was (Author: k-wall):
Currently if {{SSL_new}} fails, Proton does not record the contents of the
thread's SSL error queue. This PR resolves this issue by directing the
contents of the error queue to the transport's tracer. The lack of this
information is hampering investigation of DISPATCH-1086. This change is likely
to have general utility too.
To see this is action, I made a throw-away change to helloworld to enable SSL
and then hacked a situation where SSL_new would fail. Setting PN_TRACE_DRV
then gives this detail:
{noformat}
$ ./cpp/examples/helloworld_ssl
[0x7fc1cc403a00]:SSL socket setup failure.
[0x7fc1cc403a00]:error:140BA0C3:SSL routines:SSL_new:null ssl ctx
client SSL/TLS initialization error
{noformat}
> Expose diagnostic information from the openssl error queue when SSL_new fails.
> ------------------------------------------------------------------------------
>
> Key: PROTON-1886
> URL: https://issues.apache.org/jira/browse/PROTON-1886
> Project: Qpid Proton
> Issue Type: Improvement
> Components: proton-c
> Reporter: Keith Wall
> Priority: Major
>
> If Proton C's call to
> [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057bcccc713eda/c/src/ssl/openssl.c#L1235]
> fails currently proton logs only "SSL socket setup failure.". It would aid
> diagnostics if the logged information revealed the underlying reason(s) why
> the failure occurred from the openssl error queue/stack. This approach is
> suggested by the openssl SSL_new documentation.
> [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html]
> [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html]
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
