RE: Re:Re: How to retrieve error about private key loading.
From: owner-openssl-us...@openssl.org On Behalf Of ikuzar Sent: Friday, 25 February, 2011 09:57 2011/2/25 lzyzizi lzyz...@126.com You can use ERR_GET_FUNC(l) with the error code to get the error function ID that is defined in the module's header(here is ssl.h). You can also use const char *ERR_func_error_string(unsigned long e) with the error code to get the string representation of the error function. That's just the function-name which is rarely sufficient. While you can fiddle the pieces yourself, ERR_error_string[_n](e,buf[,n]) gives you everything in one lump which is usually more convenient. Or just printf %lx, and lookup manually with commandline 'errstr'. Every time you want to know the string information of the error code, you need to call the void ERR_load_ERR_strings(void) first. (or call ERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) Not 'every time'. You need to load error strings sometime before you use them, but it's common to do it once at startup. ERR_load_ERR_strings only loads some internal infrastructure stuff, which is nowhere near enough. If you want you can do each relevant module individually ERR_load_RSA_strings ERR_load_BN_strings ERR_load_SSL_strings etc., but it's almost always easier to just do SSL_load_error_strings which does everything. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
How to retrieve error about private key loading.
Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.
Re: How to retrieve error about private key loading.
Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re:Re: How to retrieve error about private key loading.
I thinkERR_load_RSA_strings(void)should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re:Re: How to retrieve error about private key loading.
Hello, Agree, or even: SSL_load_error_strings(); Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 03:10:45 PM: lzyzizi lzyz...@126.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 03:13 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject Re:Re: How to retrieve error about private key loading. I think ERR_load_RSA_strings(void) should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: How to retrieve error about private key loading.
SSL_set_fd( ) also fails. to know what exactly happened, I tried somthing like this : if(SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } BUT I have got this message : error::lib(0):func(0):reason(0) how to know what happens ...? What does this error mean ? Thanks. 2011/2/25 Aro RANAIVONDRAMBOLA razuk...@gmail.com Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.
Re:Re:Re: How to retrieve error about private key loading.
Sorry,I didn't catch your meaning... You can useERR_GET_FUNC(l)with the error codeto get the error function ID that is defined in the module's header(here is ssl.h).You can also useconst char *ERR_func_error_string(unsigned long e)with the error code to get the string representation of the error function. Every time you want to know the string information of the error code,you need to call the void ERR_load_ERR_strings(void) first.(or callERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) ERR_get_error() .It get the most recently occurred error code. At 2011-02-25 22:10:45,lzyzizi lzyz...@126.com wrote: I thinkERR_load_RSA_strings(void)should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re:Re: How to retrieve error about private key loading.
I think you missed the logic about the function return value. If SSL_set_fd( ) is ok , it will return 1. Your code may write this way: if( !SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } At 2011-02-25 22:21:21,ikuzar razuk...@gmail.com wrote: SSL_set_fd( ) also fails. to know what exactly happened, I tried somthing like this : if(SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } BUT I have got this message : error::lib(0):func(0):reason(0) how to know what happens ...? What does this error mean ? Thanks. 2011/2/25 Aro RANAIVONDRAMBOLArazuk...@gmail.com Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.
Re: Re:Re: How to retrieve error about private key loading.
Ok. In fact, I develop a secure stack between TCP and an appli which will be developped by another developper. I do not want to display error on screen but now I 'd like to resend it to the appli above. I 'd like to make something wich matchs errors with integer. example : error number xxx - PVKEY_DOES_NOT_MATCH_WITH_CERT error number yyy - CANNOT_SET_SLL_WITH_FD So, someone who develops appli above make : if(PVKEY_DOES_NOT_MATCH_WITH_CERT) { // treat error here : prinf, etc ... } if(CANNOT_SET_SSL_WITH_FD){ //treat error here } etc... The problem is that I do not know how to retrieve xxx and yyy ... and how to match them with PVKEY_... and CANNOT_SET... etc... I am novice in C/C++ Thanks. 2011/2/25 lzyzizi lzyz...@126.com Sorry,I didn't catch your meaning... You can use *ERR_GET_FUNC(l) *with the error code* *to get the error function ID that is defined in the module's header(here is ssl.h).You can also use *const char *ERR_func_error_string(unsigned long e) *with the error code to get the string representation of the error function. Every time you want to know the string information of the error code,you need to call the* void ERR_load_ERR_strings(void) first.*(or call *ERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) * *ERR_get_error() *.It get the most recently occurred error code. At 2011-02-25 22:10:45,lzyzizi lzyz...@126.com wrote: I think *ERR_load_RSA_strings(void) *should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re:Re: How to retrieve error about private key loading.
I am confused. ERR_load_SSL_strings does not exist in the doc on openssl web site. Idem for *ERR_load_ERR_strings().* I do not know how to obtain string information when SSL_set_fd( ) fails. I do not know what to do. Why do I need to get error function ID ? Sorry, I am so confused. 2011/2/25 lzyzizi lzyz...@126.com Sorry,I didn't catch your meaning... You can use *ERR_GET_FUNC(l) *with the error code* *to get the error function ID that is defined in the module's header(here is ssl.h).You can also use *const char *ERR_func_error_string(unsigned long e) *with the error code to get the string representation of the error function. Every time you want to know the string information of the error code,you need to call the* void ERR_load_ERR_strings(void) first.*(or call *ERR_load_(MODULE NAM)_strings(void) such as void ERR_load_SSL_strings(void)) * *ERR_get_error() *.It get the most recently occurred error code. At 2011-02-25 22:10:45,lzyzizi lzyz...@126.com wrote: I think *ERR_load_RSA_strings(void) *should be called first. At 2011-02-25 19:25:51,marek.marc...@malkom.pl wrote: Hello, Maybe you may try something like this: int log_err(void) { char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); printf(*** %s\n, buf); } Best regards, -- Marek Marcola marek.marc...@malkom.pl owner-openssl-us...@openssl.org wrote on 02/25/2011 12:06:47 PM: Aro RANAIVONDRAMBOLA razuk...@gmail.com Sent by: owner-openssl-us...@openssl.org 02/25/2011 12:08 PM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject How to retrieve error about private key loading. Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Re: How to retrieve error about private key loading.
Thanks, I missed ! ... 2011/2/25 lzyzizi lzyz...@126.com I think you missed the logic about the function return value. If SSL_set_fd( ) is ok , it will return 1. Your code may write this way: if(* !*SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } At 2011-02-25 22:21:21,ikuzar razuk...@gmail.com wrote: SSL_set_fd( ) also fails. to know what exactly happened, I tried somthing like this : if(SSL_set_fd(si-ssl, sock)){ int err_tmp = ERR_get_error(); char buf_tmp[256]; ERR_error_string_n(err_tmp, buf_tmp, sizeof(buf_tmp)); log(ERROR, buf_tmp); fsl_err = FSL_ERROR_CANNOTSETSSLFD; } BUT I have got this message : error::lib(0):func(0):reason(0) how to know what happens ...? What does this error mean ? Thanks. 2011/2/25 Aro RANAIVONDRAMBOLA razuk...@gmail.com Hello, I realize that when my program calls SSL_CTX_use_certificate_file, it returns an error because the certificate does not match the private key. I would to process this kind of error. SSL_get_error( ) does not treat this case. I would like to know what is THE function wich enable me to extract the errors type ( in my case I want to retrieve error like SSL_ERROR_PVKEY_DOES_NOT_MATCH_WITH_CERT ) Thanks for your help.