Module tabbyssl::libssl::err

Implementations of OpenSSL ERR APIs. Please also refer to the header file at tabbyssl/openssl/err.h

Synopsis

This sub-module implements the error-handling APIs of OpenSSL. TabbySSL follows the same design as OpenSSL and uses a thread-local error queue. A failed API call typically returns -1/0 and pushes an error code into the error queue. The error code can be acquired by calling ERR_get_error or SSL_get_error.

TabbySSL always use a 32-bit unsigned integer to represent error codes.

 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0 7 6 5 4 3 2 1 0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     source    |     unused    |     errno     |   sub errno   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The highest 8 bits represent the source of the error. 0x1: the error comes from TabbySSL itself. For example, a NULL or malformed SSL_CTX pointer is used. 0x2: the error comes from system I/O. For example, a certificate file is not found. 0x3: the error is TLS specific. For example, the remote server does not have a valid certifcate. The lowest 16 bits represent the specific error, including 8 bites error number and 8 bits optional sub error number. For a human-readable decription of an ErrorCode, call ERR_reason_error_string. An non-exhaustive list of error codes is as follows.

  TABBY_ERROR_NONE = 0,
  TABBY_ERROR_ZERO_RETURN = 1,
  TABBY_ERROR_WANT_READ = 2,
  TABBY_ERROR_WANT_WRITE = 3,
  TABBY_ERROR_WANT_CONNECT = 7,
  TABBY_ERROR_WANT_ACCEPT = 8,
  TABBY_ERROR_SYSCALL = 5,
  TABBY_ERROR_SSL = 0x55,
  TABBY_ERROR_NULL_POINTER = 0xe0,
  TABBY_ERROR_MALFORMED_OBJECT = 0xe1,
  TABBY_ERROR_BAD_FUNC_ARG = 0xe2,
  TABBY_ERROR_PANIC = 0xe3,
  TABBY_ERROR_LOCK = 0xe4,
  IO_ERROR_NOT_FOUND = 0x0200_0001,
  IO_ERROR_PERMISSION_DENIED = 0x0200_0002,
  IO_ERROR_CONNECTION_REFUSED = 0x0200_0003,
  IO_ERROR_CONNECTION_RESET = 0x0200_0004,
  IO_ERROR_CONNECTION_ABORTED = 0x0200_0005,
  IO_ERROR_NOT_CONNECTED = 0x0200_0006,
  IO_ERROR_ADDR_IN_USE = 0x0200_0007,
  IO_ERROR_ADDR_NOT_AVAILABLE = 0x0200_0008,
  IO_ERROR_BROKEN_PIPE = 0x0200_0009,
  IO_ERROR_ALREADY_EXISTS = 0x0200_000a,
  IO_ERROR_WOULD_BLOCK = 0x0200_000b,
  IO_ERROR_INVALID_INPUT = 0x0200_000c,
  IO_ERROR_INVALID_DATA = 0x0200_000d,
  IO_ERROR_TIMED_OUT = 0x0200_000e,
  IO_ERROR_WRITE_ZERO = 0x0200_000f,
  IO_ERROR_INTERRUPTED = 0x0200_0010,
  IO_ERROR_OTHER = 0x0200_0011,
  IO_ERROR_UNEXPECTED_EOF = 0x0200_0012,
  TLS_ERROR_INAPPROPRIATE_MESSAGE = 0x0300_0100,
  TLS_ERROR_INAPPROPRIATE_HANDSHAKE_MESSAGE = 0x0300_0200,
  TLS_ERROR_CORRUPT_MESSAGE = 0x0300_0300,
  TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD = 0x0300_0400,
  TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_ALERT = 0x0300_0401,
  TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_CHANGE_CIPHER_SPEC = 0x0300_0402,
  TLS_ERROR_CORRUPT_MESSAGE_PAYLOAD_HANDSHAKE = 0x0300_0403,
  TLS_ERROR_NO_CERTIFICATES_PRESENTED = 0x0300_0500,
  TLS_ERROR_DECRYPT_ERROR = 0x0300_0600,
  TLS_ERROR_PEER_INCOMPATIBLE_ERROR = 0x0300_0700,
  TLS_ERROR_PEER_MISBEHAVED_ERROR = 0x0300_0800,
  TLS_ERROR_ALERT_RECEIVED_CLOSE_NOTIFY = 0x0300_0901,
  TLS_ERROR_ALERT_RECEIVED_UNEXPECTED_MESSAGE = 0x0300_0902,
  TLS_ERROR_ALERT_RECEIVED_BAD_RECORD_MAC = 0x0300_0903,
  TLS_ERROR_ALERT_RECEIVED_DECRYPTION_FAILED = 0x0300_0904,
  TLS_ERROR_ALERT_RECEIVED_RECORD_OVERFLOW = 0x0300_0905,
  TLS_ERROR_ALERT_RECEIVED_DECOMPRESSION_FAILURE = 0x0300_0906,
  TLS_ERROR_ALERT_RECEIVED_HANDSHAKE_FAILURE = 0x0300_0907,
  TLS_ERROR_ALERT_RECEIVED_NO_CERTIFICATE = 0x0300_0908,
  TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE = 0x0300_0909,
  TLS_ERROR_ALERT_RECEIVED_UNSUPPORTED_CERTIFICATE = 0x0300_090a,
  TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_REVOKED = 0x0300_090b,
  TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_EXPIRED = 0x0300_090c,
  TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_UNKNOWN = 0x0300_090d,
  TLS_ERROR_ALERT_RECEIVED_ILLEGAL_PARAMETER = 0x0300_090e,
  TLS_ERROR_ALERT_RECEIVED_UNKNOWN_CA = 0x0300_090f,
  TLS_ERROR_ALERT_RECEIVED_ACCESS_DENIED = 0x0300_0910,
  TLS_ERROR_ALERT_RECEIVED_DECODE_ERROR = 0x0300_0911,
  TLS_ERROR_ALERT_RECEIVED_DECRYPT_ERROR = 0x0300_0912,
  TLS_ERROR_ALERT_RECEIVED_EXPORT_RESTRICTION = 0x0300_0913,
  TLS_ERROR_ALERT_RECEIVED_PROTOCOL_VERSION = 0x0300_0914,
  TLS_ERROR_ALERT_RECEIVED_INSUFFICIENT_SECURITY = 0x0300_0915,
  TLS_ERROR_ALERT_RECEIVED_INTERNAL_ERROR = 0x0300_0916,
  TLS_ERROR_ALERT_RECEIVED_INAPPROPRIATE_FALLBACK = 0x0300_0917,
  TLS_ERROR_ALERT_RECEIVED_USER_CANCELED = 0x0300_0918,
  TLS_ERROR_ALERT_RECEIVED_NO_RENEGOTIATION = 0x0300_0919,
  TLS_ERROR_ALERT_RECEIVED_MISSING_EXTENSION = 0x0300_091a,
  TLS_ERROR_ALERT_RECEIVED_UNSUPPORTED_EXTENSION = 0x0300_091b,
  TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_UNOBTAINABLE = 0x0300_091c,
  TLS_ERROR_ALERT_RECEIVED_UNRECOGNISED_NAME = 0x0300_091d,
  TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE_STATUS_RESPONSE = 0x0300_091e,
  TLS_ERROR_ALERT_RECEIVED_BAD_CERTIFICATE_HASH_VALUE = 0x0300_091f,
  TLS_ERROR_ALERT_RECEIVED_UNKNOWN_PSK_IDENTITY = 0x0300_0920,
  TLS_ERROR_ALERT_RECEIVED_CERTIFICATE_REQUIRED = 0x0300_0921,
  TLS_ERROR_ALERT_RECEIVED_NO_APPLICATION_PROTOCOL = 0x0300_0922,
  TLS_ERROR_ALERT_RECEIVED_UNKNOWN = 0x0300_09ff,
  TLS_ERROR_WEBPKI_BAD_DER = 0x0300_0a01,
  TLS_ERROR_WEBPKI_BAD_DER_TIME = 0x0300_0a02,
  TLS_ERROR_WEBPKI_CA_USED_AS_END_ENTITY = 0x0300_0a03,
  TLS_ERROR_WEBPKI_CERT_EXPIRED = 0x0300_0a04,
  TLS_ERROR_WEBPKI_CERT_NOT_VALID_FOR_NAME = 0x0300_0a05,
  TLS_ERROR_WEBPKI_CERT_NOT_VALID_YET = 0x0300_0a06,
  TLS_ERROR_WEBPKI_END_ENTITY_USED_AS_CA = 0x0300_0a07,
  TLS_ERROR_WEBPKI_EXTENSION_VALUE_INVALID = 0x0300_0a08,
  TLS_ERROR_WEBPKI_INVALID_CERT_VALIDITY = 0x0300_0a09,
  TLS_ERROR_WEBPKI_INVALID_SIGNATURE_FOR_PUBLIC_KEY = 0x0300_0a0a,
  TLS_ERROR_WEBPKI_NAME_CONSTRAINT_VIOLATION = 0x0300_0a0b,
  TLS_ERROR_WEBPKI_PATH_LEN_CONSTRAINT_VIOLATED = 0x0300_0a0c,
  TLS_ERROR_WEBPKI_SIGNATURE_ALGORITHM_MISMATCH = 0x0300_0a0d,
  TLS_ERROR_WEBPKI_REQUIRED_EKU_NOT_FOUND = 0x0300_0a0e,
  TLS_ERROR_WEBPKI_UNKNOWN_ISSUER = 0x0300_0a0f,
  TLS_ERROR_WEBPKI_UNSUPPORTED_CERT_VERSION = 0x0300_0a10,
  TLS_ERROR_WEBPKI_UNSUPPORTED_CRITICAL_EXTENSION = 0x0300_0a11,
  TLS_ERROR_WEBPKI_UNSUPPORTED_SIGNATURE_ALGORITHM_FOR_PUBLIC_KEY = 0x0300_0a12,
  TLS_ERROR_WEBPKI_UNSUPPORTED_SIGNATURE_ALGORITHM = 0x0300_0a13,
  TLS_ERROR_INVALID_SCT = 0x0300_0b00,
  TLS_ERROR_GENERAL = 0x0300_0c00,
  TLS_ERROR_FAILED_TO_GET_CURRENT_TIME = 0x0300_0d00,
  TLS_ERROR_INVALID_DNS_NAME = 0x0300_0e00,
  TLS_ERROR_HANDSHAKE_NOT_COMPLETE = 0x0300_0f00,
  TLS_ERROR_PEER_SENT_OVERSIZED_RECORD = 0x0300_1000,
  UNDEFINED_ERROR = 0x0eeeeeee,

Functions

tabby_ERR_clear_error	ERR_clear_error - empty the current thread's error queue.
tabby_ERR_error_string_n⚠	ERR_error_string_n - generates a human-readable string representing the error code e, and places len bytes at buf. Note that this function is not thread-safe and does no checks on the size of the buffer.
tabby_ERR_free_error_strings	ERR_free_error_strings - compatibility only
tabby_ERR_get_error	ERR_get_error - returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return.
tabby_ERR_load_error_strings	ERR_load_error_strings - compatibility only
tabby_ERR_peek_last_error	ERR_peek_last_error - returns the latest error code from the thread's error queue without modifying it.
tabby_ERR_print_errors_fp⚠	ERR_print_errors_fp - a convenience function that prints the error strings for all errors that OpenSSL has recorded to fp, thus emptying the error queue.
tabby_ERR_reason_error_string	ERR_error_reason_error_string - returns a human-readable string representing the error code e. This API does not allocate additional memory.