Handle when an OpenSSL error doesn't contain a reason #147
(Or any other field)

You can reproduce the error by running:

```
treq.get('https://nile.ghdonline.org')
```

from within a twisted program (and doing the appropriate deferred stuff).

I'm unsure how to craft a unit test for this
Thanks. Unfortunately, I'm not able to reproduce any error with that line.
I was able to reproduce it, but only with 0.9.8 / OS X. 1.0.1 / Ubuntu yielded no error. Perhaps OpenSSL has stopped providing NULL in the error queue in more recent versions?
Yeah, I can confirm that I don't see this with OpenSSL 1.01, only 0.9.8
It's not OS X specific though, it reproduces fine on Ubuntu Lucid.
https://www.openssl.org/docs/crypto/err.html sort of implies, but doesn't outright state, that
Scratch that,
OpenSSL/test/test_util.py
Convention in pyOpenSSL seems to be to have sphinx docstrings on test methods, similar to Twisted style. Can you add one?
Done.
OpenSSL/test/test_util.py
Wait… does not raise `TypeError`? Shouldn't it be talking about what it does raise? `ValueError` is an exception which lots of built-in things raise and which might easily be confused if there's some other sort of implementation bug here; this is why I use `ZeroDivisionError` for my go-to "application exception" if I'm going to use a standard exception at all and not just define my own type.
Is there anything else needed here?
Hi, sorry for chiming in here so late, but I'm curious why an SSL error would ever not have a reason string? After reading through #135 more thoroughly, it sounds like we might be getting an X509_STORE_CTX context error here, which contains metadata about where the error is occurring... and has different OpenSSL API for fetching the error/reasons. I'm mostly curious so I can watch out for the same class of errors in #155.
Sometimes OpenSSL, instead of using a reason which exists in their "reasons table" and therefore has a string, will just do some random arithmetic: https://github.com/openssl/openssl/blob/master/ssl/s23_clnt.c#L787
Haha.. wow.. that's.. nice. In the case that you pointed out, do you know how to explain what is going on there (after superficial glance, this is illegible to me). Are they truly doing some random arithmetic or are they including some context of the request in the error message (and thus doesn't have a pre-defined reason from their "reason table")?
If you know it's an error of that type, you can use the specific format to
Ah, I understand now, thank you. I'll try and see if similar issues exist in context errors.
This looks useful, correct and the builders agree. Anything more needed?
It feels RFC to me :-)
I'm inclined to agree with @hynek. Anything I can do to move this along?
Yay!