[jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
[ https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16587530#comment-16587530 ] ASF subversion and git services commented on PROTON-1886: - Commit 213a7aa416d3c678e04d562ac77e0b7e0ff6a166 in qpid-proton's branch refs/heads/master from [~k-wall] [ https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=213a7aa ] PROTON-1886: Dump the thread's SSL error queue in the event that SSL_new fails. Closes #152 > Expose diagnostic information from the openssl error queue when SSL_new fails. > -- > > Key: PROTON-1886 > URL: https://issues.apache.org/jira/browse/PROTON-1886 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Keith Wall >Priority: Major > > If Proton C's call to > [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057b713eda/c/src/ssl/openssl.c#L1235] > fails currently proton logs only "SSL socket setup failure.". It would aid > diagnostics if the logged information revealed the underlying reason(s) why > the failure occurred from the openssl error queue/stack. This approach is > suggested by the openssl SSL_new documentation. > [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html] > [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html] > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
[ https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16587531#comment-16587531 ] ASF GitHub Bot commented on PROTON-1886: Github user asfgit closed the pull request at: https://github.com/apache/qpid-proton/pull/152 > Expose diagnostic information from the openssl error queue when SSL_new fails. > -- > > Key: PROTON-1886 > URL: https://issues.apache.org/jira/browse/PROTON-1886 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Keith Wall >Priority: Major > > If Proton C's call to > [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057b713eda/c/src/ssl/openssl.c#L1235] > fails currently proton logs only "SSL socket setup failure.". It would aid > diagnostics if the logged information revealed the underlying reason(s) why > the failure occurred from the openssl error queue/stack. This approach is > suggested by the openssl SSL_new documentation. > [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html] > [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html] > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
[ https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16587527#comment-16587527 ] ASF GitHub Bot commented on PROTON-1886: Github user astitcher commented on the issue: https://github.com/apache/qpid-proton/pull/152 This looks good - I'll pull it in. I wonder though if there is scope for some refactoring of the ssl error logic to make this error logic in common. > Expose diagnostic information from the openssl error queue when SSL_new fails. > -- > > Key: PROTON-1886 > URL: https://issues.apache.org/jira/browse/PROTON-1886 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Keith Wall >Priority: Major > > If Proton C's call to > [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057b713eda/c/src/ssl/openssl.c#L1235] > fails currently proton logs only "SSL socket setup failure.". It would aid > diagnostics if the logged information revealed the underlying reason(s) why > the failure occurred from the openssl error queue/stack. This approach is > suggested by the openssl SSL_new documentation. > [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html] > [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html] > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
[
https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568060#comment-16568060
]
Keith Wall commented on PROTON-1886:
Currently if {{SSL_new}} fails, Proton does not record the contents of the
thread's SSL error queue. This PR resolves this issue by directing the
contents of the error queue to the transport's tracer. The lack of this
information is hampering investigation of DISPATCH-1086. This change is likely
to have general utility too.
To see this is action, I made a throw-away change to helloworld to enable SSL
and then hacked a situation where SSL_new would fail. Setting PN_TRACE_DRV
then gives this detail:
{noformat}
$ ./cpp/examples/helloworld_ssl
[0x7fc1cc403a00]:SSL socket setup failure.
[0x7fc1cc403a00]:error:140BA0C3:SSL routines:SSL_new:null ssl ctx
client SSL/TLS initialization error
{noformat}
> Expose diagnostic information from the openssl error queue when SSL_new fails.
> --
>
> Key: PROTON-1886
> URL: https://issues.apache.org/jira/browse/PROTON-1886
> Project: Qpid Proton
> Issue Type: Improvement
> Components: proton-c
>Reporter: Keith Wall
>Priority: Major
>
> If Proton C's call to
> [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057b713eda/c/src/ssl/openssl.c#L1235]
> fails currently proton logs only "SSL socket setup failure.". It would aid
> diagnostics if the logged information revealed the underlying reason(s) why
> the failure occurred from the openssl error queue/stack. This approach is
> suggested by the openssl SSL_new documentation.
> [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html]
> [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html]
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
-
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
[jira] [Commented] (PROTON-1886) Expose diagnostic information from the openssl error queue when SSL_new fails.
[ https://issues.apache.org/jira/browse/PROTON-1886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16568047#comment-16568047 ] ASF GitHub Bot commented on PROTON-1886: GitHub user k-wall opened a pull request: https://github.com/apache/qpid-proton/pull/152 PROTON-1886: Dump the thread's SSL error queue in the event that SSL_new fails. Uses the established mechanism to dump the thread's SSL error queue to established tracer in the event that SSL_new fails. You can merge this pull request into a Git repository by running: $ git pull https://github.com/k-wall/qpid-proton master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/qpid-proton/pull/152.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #152 commit f2ae028f534d37abc6856ce21146c70635203628 Author: Keith Wall Date: 2018-08-03T09:29:22Z PROTON-1886: Dump the thread's SSL error queue in the event that SSL_new fails. > Expose diagnostic information from the openssl error queue when SSL_new fails. > -- > > Key: PROTON-1886 > URL: https://issues.apache.org/jira/browse/PROTON-1886 > Project: Qpid Proton > Issue Type: Improvement > Components: proton-c >Reporter: Keith Wall >Priority: Major > > If Proton C's call to > [SSL_new()|https://github.com/apache/qpid-proton/blob/3cb7a5c672d9f817a498684ac7057b713eda/c/src/ssl/openssl.c#L1235] > fails currently proton logs only "SSL socket setup failure.". It would aid > diagnostics if the logged information revealed the underlying reason(s) why > the failure occurred from the openssl error queue/stack. This approach is > suggested by the openssl SSL_new documentation. > [https://www.openssl.org/docs/man1.0.2/ssl/SSL_new.html] > [https://www.openssl.org/docs/manmaster/man3/ERR_get_error.html] > -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org
