Valuable error code from openSSL is discarded #705

Open
EdFuentetaja opened this issue Feb 18, 2018 · 1 comment

EdFuentetaja commented Feb 18, 2018

First of all, thank you for sharing this fantastic library. I was using it today on a secured websocket server when one client failed to connect. The server reported "TLS handshake failed," error code 8. I spent quite a bit of time debugging until I found that in fact the error code reported by OpenSSL is 336109761, which means "no shared cipher," a lot more precise and the clue that put me on the right track to fix this problem.

The issue is with the handle_init method on the connection class (tls.hpp):

    void handle_init(init_handler callback,lib::asio::error_code const & ec) {
        if (ec) {
            m_ec = socket::make_error_code(socket::error::tls_handshake_failed);
        } else {
            m_ec = lib::error_code();
        }

        callback(m_ec);
    }

The arriving ec value is 336109761 but it's discarded and replaced by a generic tls_handshake_failed.

Please don't discard this value, it can be extremely useful. I don't know the consequences of just assigning ec to m_ec.

For your consideration. Thanks a lot,

Ed

Owner

zaphoyd commented Feb 19, 2018

Yeah, this is a tougher one. m_ec is of a different type than ec so they cannot be reliably assigned to each other without the library copying (and maintaining a list of) all of the security policy error codes (which could be Asio, raw Open/LibreSSL, custom policies written by end users, etc.).

Other portions of the code print the raw error message to one of the log channels before generic code translation, but the security policy doesn't have access to the logger so this is not straightforward.

That said, OpenSSL errors are a pain even with the codes, so yes, this really should be fixed some way or another.
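
An added example, not part of the issue thread or of websocketpp's code: how the value 336109761 from the report unpacks into library, function and reason fields, which is the detail lost when the code is replaced by a generic one. It assumes the packed error layout of OpenSSL 1.0.x/1.1.x (OpenSSL 3.0 uses a different layout); `unpack_openssl_error` and `describe_openssl_error` are hypothetical names, and the lookup covers only the code discussed here.

```cpp
#include <cstdio>
#include <string>

// Fields of a packed OpenSSL error value, assuming the 1.0.x/1.1.x layout
// (OpenSSL 3.0 changed the layout and dropped function codes).
struct openssl_err_parts {
    unsigned lib;     // bits 24..31: which OpenSSL sub-library raised it
    unsigned func;    // bits 12..23: function code inside that library
    unsigned reason;  // bits 0..11:  the actual failure reason
};

openssl_err_parts unpack_openssl_error(unsigned long packed) {
    return { static_cast<unsigned>((packed >> 24) & 0xFF),
             static_cast<unsigned>((packed >> 12) & 0xFFF),
             static_cast<unsigned>(packed & 0xFFF) };
}

// Hypothetical helper: text a handshake-failure path could log before the
// raw value is translated into a generic "TLS handshake failed" code.
std::string describe_openssl_error(unsigned long packed) {
    const openssl_err_parts p = unpack_openssl_error(packed);
    // Only the entries needed for the code in this issue; not a full table.
    const bool ssl_lib = (p.lib == 20);                    // 20 = SSL library
    const char* lib = ssl_lib ? "SSL routines" : "unknown library";
    const char* reason = (ssl_lib && p.reason == 193)      // 193 = no shared cipher
                             ? "no shared cipher" : "unknown reason";
    char buf[128];
    std::snprintf(buf, sizeof buf, "error:%08lX:%s:func(%u):%s",
                  packed, lib, p.func, reason);
    return buf;
}

int main() {
    // 336109761 is the value quoted in the issue (0x1408A0C1).
    std::puts(describe_openssl_error(336109761UL).c_str());
    return 0;
}
```

In a program linked against OpenSSL, `ERR_error_string_n` produces the full text for any code, including the function name.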
