Module mesalink::libssl::err [−][src]
Expand description
Implementations of OpenSSL ERR APIs. Please also refer to the header file at mesalink/openssl/err.h
Synopsis
This sub-module implements the error-handling APIs of OpenSSL. MesaLink
follows the same design as OpenSSL and uses a thread-local error queue. A
failed API call typically returns -1/0 and pushes an error code into the
error queue. The error code can be acquired by calling ERR_get_error
or
SSL_get_error
.
MesaLink always use a 32-bit unsigned integer to represent error codes.
7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| source | unused | errno | sub errno |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The highest 8 bits represent the source of the error. 0x1: the error comes
from MesaLink itself. For example, a NULL or malformed SSL_CTX pointer is
used. 0x2: the error comes from system I/O. For example, a certificate file
is not found. 0x3: the error is TLS specific. For example, the remote server
does not have a valid certifcate. The lowest 16 bits represent the specific
error, including 8 bites error number and 8 bits optional sub error number.
For a human-readable decription of an ErrorCode, call
ERR_reason_error_string
. An non-exhaustive list of error codes is as
follows.
MESALINK_ERROR_NONE = 0,
MESALINK_ERROR_ZERO_RETURN = 1,
MESALINK_ERROR_WANT_READ = 2,
MESALINK_ERROR_WANT_WRITE = 3,
MESALINK_ERROR_WANT_CONNECT = 7,
MESALINK_ERROR_WANT_ACCEPT = 8,
MESALINK_ERROR_SYSCALL = 5,
MESALINK_ERROR_SSL = 0x55,
MESALINK_ERROR_NULL_POINTER = 0xe0,
MESALINK_ERROR_MALFORMED_OBJECT = 0xe1,
MESALINK_ERROR_BAD_FUNC_ARG = 0xe2,
MESALINK_ERROR_PANIC = 0xe3,
MESALINK_ERROR_LOCK = 0xe4,
IO_ERROR_NOT_FOUND = 0x0200_0001,
IO_ERROR_PERMISSION_DENIED = 0x0200_0002,
IO_ERROR_CONNECTION_REFUSED = 0x0200_0003,
IO_ERROR_CONNECTION_RESET = 0x0200_0004,
IO_ERROR_CONNECTION_ABORTED = 0x0200_0005,
IO_ERROR_NOT_CONNECTED = 0x0200_0006,
IO_ERROR_ADDR_IN_USE = 0x0200_0007,
IO_ERROR_ADDR_NOT_AVAILABLE = 0x0200_0008,
IO_ERROR_BROKEN_PIPE = 0x0200_0009,
IO_ERROR_ALREADY_EXISTS = 0x0200_000a,
IO_ERROR_WOULD_BLOCK = 0x0200_000b,
IO_ERROR_INVALID_INPUT = 0x0200_000c,
IO_ERROR_INVALID_DATA = 0x0200_000d,
IO_ERROR_TIMED_OUT = 0x0200_000e,
IO_ERROR_WRITE_ZERO = 0x0200_000f,
IO_ERROR_INTERRUPTED = 0x0200_0010,
IO_ERROR_OTHER = 0x0200_0011,
IO_ERROR_UNEXPECTED_EOF = 0x0200_0012,
TLS_ERROR_INAPPROPRIATE_MESSAGE = 0x0300_0100,
TLS_ERROR_INAPPROPRIATE_HANDSHAKE_MESSAGE = 0x0300_0200,
TLS_ERROR_CORRUPT_MESSAGE = 0x0300_0300,
TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD = 0x0300_0400,
TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_ALERT = 0x0300_0401,
TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_CHANGE_CIPHER_SPEC = 0x0300_0402,
TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_HANDSHAKE = 0x0300_0403,
TLS_ERROR_NO_CERTIFICATES_PRESENTED = 0x0300_0500,
TLS_ERROR_DECRYPT_ERROR = 0x0300_0600,
TLS_ERROR_PEER_INCOMPATIBLE_ERROR = 0x0300_0700,
TLS_ERROR_PEER_MISBEHAVED_ERROR = 0x0300_0800,
TLS_ERROR_ALERT_RECEIVED_CLOSE_NOTIFY = 0x0300_0901,
TLS_ERROR_ALERT_RECEIVED_UNEXPECTED_MESSAGE = 0x0300_0902,
TLS_ERROR_ALERT_RECEIVED_BAD_RECORD_MAC = 0x0300_0903,
TLS_ERROR_ALERT_RECEIVED_DECRYPTION_FAILED = 0x0300_0904,
TLS_ERROR_ALERT_RECEIVED_RECORD_OVERFLOW = 0x0300_0905,
TLS_ERROR_ALERT_RECEIVED_DECOMPRESSION_FAILURE = 0x0300_0906,
TLS_ERROR_ALERT_RECEIVED_HANDSHAKE_FAILURE = 0x0300_0907,
TLS_ERROR_ALERT_RECEIVED_NO_CERTIFICATE = 0x0300_0908,
TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE = 0x0300_0909,
TLS_ERROR_ALERT_RECEIVED_UNSUPPORTED_CERTIFICATE = 0x0300_090a,
TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_REVOKED = 0x0300_090b,
TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_EXPIRED = 0x0300_090c,
TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_UNKNOWN = 0x0300_090d,
TLS_ERROR_ALERT_RECEIVED_ILLEGAL_PARAMETER = 0x0300_090e,
TLS_ERROR_ALERT_RECEIVED_UNKNOWN_CA = 0x0300_090f,
TLS_ERROR_ALERT_RECEIVED_ACCESS_DENIED = 0x0300_0910,
TLS_ERROR_ALERT_RECEIVED_DECODE_ERROR = 0x0300_0911,
TLS_ERROR_ALERT_RECEIVED_DECRYPT_ERROR = 0x0300_0912,
TLS_ERROR_ALERT_RECEIVED_EXPORT_RESTRICTION = 0x0300_0913,
TLS_ERROR_ALERT_RECEIVED_PROTOCOL_VERSION = 0x0300_0914,
TLS_ERROR_ALERT_RECEIVED_INSUFFICIENT_SECURITY = 0x0300_0915,
TLS_ERROR_ALERT_RECEIVED_INTERNAL_ERROR = 0x0300_0916,
TLS_ERROR_ALERT_RECEIVED_INAPPROPRIATE_FALLBACK = 0x0300_0917,
TLS_ERROR_ALERT_RECEIVED_USER_CANCELED = 0x0300_0918,
TLS_ERROR_ALERT_RECEIVED_NO_RENEGOTIATION = 0x0300_0919,
TLS_ERROR_ALERT_RECEIVED_MISSING_EXTENSION = 0x0300_091a,
TLS_ERROR_ALERT_RECEIVED_UNSUPPORTED_EXTENSION = 0x0300_091b,
TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_UNOBTAINABLE = 0x0300_091c,
TLS_ERROR_ALERT_RECEIVED_UNRECOGNISED_NAME = 0x0300_091d,
TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE_STATUS_RESPONSE = 0x0300_091e,
TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE_HASH_VALUE = 0x0300_091f,
TLS_ERROR_ALERT_RECEIVED_UNKNOWN_PSK_IDENTITY = 0x0300_0920,
TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_REQUIRED = 0x0300_0921,
TLS_ERROR_ALERT_RECEIVED_NO_APPLICATION_PROTOCOL = 0x0300_0922,
TLS_ERROR_ALERT_RECEIVED_UNKNOWN = 0x0300_09ff,
TLS_ERROR_WEBPKI_BAD_DER = 0x0300_0a01,
TLS_ERROR_WEBPKI_BAD_DER_TIME = 0x0300_0a02,
TLS_ERROR_WEBPKI_CA_USED_AS_END_ENTITY = 0x0300_0a03,
TLS_ERROR_WEBPKI_CERT_EXPIRED = 0x0300_0a04,
TLS_ERROR_WEBPKI_CERT_NOT_VALID_FOR_NAME = 0x0300_0a05,
TLS_ERROR_WEBPKI_CERT_NOT_VALID_YET = 0x0300_0a06,
TLS_ERROR_WEBPKI_END_ENTITY_USED_AS_CA = 0x0300_0a07,
TLS_ERROR_WEBPKI_EXTENSION_VALUE_INVALID = 0x0300_0a08,
TLS_ERROR_WEBPKI_INVALID_CERT_VALIDITY = 0x0300_0a09,
TLS_ERROR_WEBPKI_INVALID_SIGNATURE_FOR_PUBLIC_KEY = 0x0300_0a0a,
TLS_ERROR_WEBPKI_NAME_CONSTRAINT_VIOLATION = 0x0300_0a0b,
TLS_ERROR_WEBPKI_PATH_LEN_CONSTRAINT_VIOLATED = 0x0300_0a0c,
TLS_ERROR_WEBPKI_SIGNATURE_ALGORITHM_MISMATCH = 0x0300_0a0d,
TLS_ERROR_WEBPKI_REQUIRED_EKU_NOT_FOUND = 0x0300_0a0e,
TLS_ERROR_WEBPKI_UNKNOWN_ISSUER = 0x0300_0a0f,
TLS_ERROR_WEBPKI_UNSUPPORTED_CERT_VERSION = 0x0300_0a10,
TLS_ERROR_WEBPKI_UNSUPPORTED_CRITICAL_EXTENSION = 0x0300_0a11,
TLS_ERROR_WEBPKI_UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_PUBLIC_KEY = 0x0300_0a12,
TLS_ERROR_WEBPKI_UNSUPPORTED_SIGNATURE_ALGORITHM = 0x0300_0a13,
TLS_ERROR_INVALID_SCT = 0x0300_0b00,
TLS_ERROR_GENERAL = 0x0300_0c00,
TLS_ERROR_FAILED_TO_GET_CURRENT_TIME = 0x0300_0d00,
TLS_ERROR_INVALID_DNS_NAME = 0x0300_0e00,
TLS_ERROR_HANDSHAKE_NOT_COMPLETE = 0x0300_0f00,
TLS_ERROR_PEER_SENT_OVERSIZED_RECORD = 0x0300_1000,
UNDEFINED_ERROR = 0x0eeeeeee,
Functions
ERR_clear_error
- empty the current thread’s error queue.
ERR_error_string_n
- generates a human-readable string representing the
error code e
, and places len
bytes at buf
. Note that this function is
not thread-safe and does no checks on the size of the buffer.
ERR_free_error_strings
- compatibility only
ERR_get_error
- returns the earliest error code from the thread’s error
queue and removes the entry. This function can be called repeatedly until
there are no more error codes to return.
ERR_load_error_strings
- compatibility only
ERR_peek_last_error
- returns the latest error code from the thread’s error
queue without modifying it.
ERR_print_errors_fp
- a convenience function that prints the error
strings for all errors that OpenSSL has recorded to fp
, thus emptying the
error queue.
ERR_error_reason_error_string
- returns a human-readable string representing
the error code e. This API does not allocate additional memory.