>    The proper way to handle this, in my experience, is *DO NOT REUSE ERROR 
> CODES.* Each error code appears in exactly one place, and we could eventually 
> build up documentation explaining what they mean, the causes, and how to 
> address this. This means, we don't use ERR_R_MALLOC when trying to create an 
> RSA key, for example, but rather a handful of new errors for 
> ERR_R_RSA_CANT_CREATE_D, ...CANT_CREATE_N, etc.  That is a big job, albeit 
> mostly a tedious one.
 
I got some feedback on- and off-list about this. Most of it was "surely you 
can't be serious."  I am, and stop calling me Shirley. :) Let me add some 
details.  First, recall that OpenSSL has an error stack, and that as errors are 
"unwound" each function can add its own error code to that stack. This 
naturally leads to the point where the first entry has the most detailed error, 
"malloc failed", and the last entry has the most application-oriented error, 
"Could not create RSA key"; along the way are "Could not create d" and "Could 
not create secure bignum" errors.  I hope that makes more sense.

HOWEVER, this point (which got the most comments) was a side-note to the main 
point of my email, which gave some reasons why I think including the function 
code is a bad idea.

Hope this helps.    
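
The error-stack unwinding described in this message, modelled in C as an added example that is not part of the original email and is not OpenSSL code. The stack helpers and the error-code names are hypothetical stand-ins rather than OpenSSL's ERR API, and the allocation failure is simulated; each code is raised at exactly one call site.

```c
#include <stdio.h>

/* Hypothetical codes for this sketch; none are real OpenSSL constants.
 * Each one is raised at exactly one call site, named in its comment. */
enum err_code {
    E_NONE = 0,
    E_MALLOC_FAILED,        /* only in secure_alloc():  "malloc failed"    */
    E_BN_CANT_CREATE_SEC,   /* only in bn_secure_new(): secure bignum      */
    E_RSA_CANT_CREATE_D,    /* only in rsa_create_d():  "could not create d" */
    E_RSA_CANT_CREATE_KEY   /* only in rsa_key_new():   application-level  */
};

#define ERR_MAX 16
static enum err_code err_stack[ERR_MAX];
static size_t err_depth;
static int fail_alloc;      /* hook used to simulate an allocation failure */

static void err_push(enum err_code c) {
    if (err_depth < ERR_MAX) err_stack[err_depth++] = c;
}
size_t err_count(void) { return err_depth; }
enum err_code err_at(size_t i) { return i < err_depth ? err_stack[i] : E_NONE; }

static int secure_alloc(void) {
    if (fail_alloc) { err_push(E_MALLOC_FAILED); return 0; }
    return 1;
}
static int bn_secure_new(void) {
    if (!secure_alloc()) { err_push(E_BN_CANT_CREATE_SEC); return 0; }
    return 1;
}
static int rsa_create_d(void) {
    if (!bn_secure_new()) { err_push(E_RSA_CANT_CREATE_D); return 0; }
    return 1;
}

int rsa_key_new(int simulate_oom) {
    err_depth = 0;                  /* start each call with an empty stack */
    fail_alloc = simulate_oom;
    if (!rsa_create_d()) { err_push(E_RSA_CANT_CREATE_KEY); return 0; }
    return 1;
}

int main(void) {
    if (!rsa_key_new(1))            /* entry 0 is the most detailed error */
        for (size_t i = 0; i < err_count(); i++)
            printf("%zu: code %d\n", i, (int)err_at(i));
    return 0;
}
```

Because no code is reused, the first entry alone identifies the failing call site, and the last entry gives the application-level meaning.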
    
    
