List:       libressl
Subject:    Re: Handling handshake errors
From:       Marko Kreen <markokr () gmail ! com>
Date:       2016-02-14 19:30:45
Message-ID: 20160214193045.GB26630 () gmail ! com

On Sun, Feb 14, 2016 at 09:12:11PM +0200, Vasily Kolobkov wrote:
> > But turns out it goes too far if the hack applies also to tls_handshake.
> 
> all the basic tls_* calls (handshake,read,write,close) all resort to 
> tls_ssl_error. thus it seems like an inconsequential place to enforce
> custom rules only for some.

It is *the* place that extracts and converts libssl errors to something
sane.  Considering that it handles only SSL_read, SSL_write and
SSL_shutdown after handshake, it seems OK to keep handling there.

It does not process 0 from SSL_shutdown, which is also recommended
by manpage: "The output of SSL_get_error may be misleading".  Ugh.
So keeping special handling for 0 from SSL_read and SSL_write
there seems fine.

-- 
marko
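
Added example, not part of the original message and not libtls code: a C illustration of the return-value dispatch discussed above, where 0 from SSL_shutdown is decided before the SSL_get_error result is consulted and 0 from SSL_read/SSL_write gets its own handling. The enum and function names are hypothetical; the numeric error values mirror SSL_ERROR_* in <openssl/ssl.h>, and the meaning of SSL_ERROR_SYSCALL with a 0 return follows the OpenSSL 1.0.x manual pages.

```c
#include <stdio.h>

/* Values mirror SSL_ERROR_* in <openssl/ssl.h>; defined locally so the
 * example builds without OpenSSL headers. */
enum { E_NONE = 0, E_SSL = 1, E_WANT_READ = 2, E_WANT_WRITE = 3,
       E_SYSCALL = 5, E_ZERO_RETURN = 6 };

/* Hypothetical names, not libtls identifiers. */
enum op { OP_READ, OP_WRITE, OP_SHUTDOWN };
enum outcome { OUT_OK, OUT_EOF, OUT_UNCLEAN_EOF, OUT_AGAIN_READ,
               OUT_AGAIN_WRITE, OUT_SHUTDOWN_PENDING, OUT_ERROR };

/* ret: return value of SSL_read/SSL_write/SSL_shutdown.
 * ssl_err: what SSL_get_error(ssl, ret) reported for that call. */
enum outcome classify(enum op op, int ret, int ssl_err)
{
    if (ret > 0)
        return OUT_OK;
    /* 0 from SSL_shutdown: our close_notify is sent, the peer's has not
     * arrived. Decide before looking at ssl_err, which may be a bogus
     * SSL_ERROR_SYSCALL here. */
    if (op == OP_SHUTDOWN && ret == 0)
        return OUT_SHUTDOWN_PENDING;
    switch (ssl_err) {
    case E_WANT_READ:   return OUT_AGAIN_READ;
    case E_WANT_WRITE:  return OUT_AGAIN_WRITE;
    case E_ZERO_RETURN: return OUT_EOF;          /* peer sent close_notify */
    case E_SYSCALL:
        /* ret == 0: transport EOF without close_notify (possible truncation) */
        return ret == 0 ? OUT_UNCLEAN_EOF : OUT_ERROR;
    default:            return OUT_ERROR;
    }
}

int main(void)
{
    /* Constructed inputs, not captured from a real connection. */
    printf("shutdown 0/SYSCALL -> %d\n", classify(OP_SHUTDOWN, 0, E_SYSCALL));
    printf("read 0/ZERO_RETURN -> %d\n", classify(OP_READ, 0, E_ZERO_RETURN));
    printf("read 0/SYSCALL     -> %d\n", classify(OP_READ, 0, E_SYSCALL));
    return 0;
}
```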
