List: libressl
Subject: Re: Handling handshake errors
From: Marko Kreen <markokr () gmail ! com>
Date: 2016-02-14 19:30:45
Message-ID: 20160214193045.GB26630 () gmail ! com
On Sun, Feb 14, 2016 at 09:12:11PM +0200, Vasily Kolobkov wrote:
> > But turns out it goes too far if the hack applies also to tls_handshake.
>
> all the basic tls_* calls (handshake,read,write,close) all resort to
> tls_ssl_error. thus it seems like an inconsequential place to enforce
> custom rules only for some.
It is *the* place that extracts and converts libssl errors to something
sane. Considering that it handles only SSL_read, SSL_write and
SSL_shutdown after handshake, it seems OK to keep handling there.
It does not process 0 from SSL_shutdown, which is also recommended
by the manpage: "The output of SSL_get_error may be misleading". Ugh.
So keeping special handling for 0 from SSL_read and SSL_write
there seems fine.
--
marko