Closed
Bug 88255
Opened 23 years ago
Closed 23 years ago
SSLSocket.forceHandshake should return more error information
Categories
(JSS Graveyard :: Library, enhancement, P2)
JSS Graveyard
Library
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jamie-bugzilla, Assigned: jamie-bugzilla)
Details
Attachments
(1 file)
The forceHandhake method in SSLSocket class does not return a very meaningful error message. The most I get is "Error in SSL handshake". May I suggest you look into returning more meaningful error messages in JSS especially like NSS does give that? (I think I may have raised this issue with you once before in crypto newsgroup -- sorry about the repeat :) ) Currently, how does a JSS enabled application know what exactly caused the SSL handshake to fail (something to help the user correct the problem)
|
Assignee | |
Updated•23 years ago
|
Severity: normal → enhancement
|
|
Assignee | |
Comment 2•23 years ago
|
||
|
|
Assignee | |
Comment 3•23 years ago
|
||
Comments about the above patch.
I pulled in the error strings from PSM. This included a function which, given a
PRErrorCode, returned a string representing that message.
Then I wrote a new exception-throwing function in JSS, JSS_throwMsgPrErrArg,
which takes a text string and a PRErrorCode and throws an exception with a new
string formatted "mesg: (errcode) errstring". For example, if you call:
JSS_throwMsgPrErrArg(..., "failed to redo handshake", PR_GetError());
the exception's text string would end up looking something like this:
"failed to redo handshake: (-8178) Peer's Certificate was not valid"
The macro JSS_throwMsgPrErr() calls PR_GetError() for you so that you don't have
to pass the PRErrorCode in by hand.
Then I did a supervised search-and-replace of JSS_throwMsg with
JSS_throwMsgPrErr in the JSS SSL JNI code.
And here's a real-life example result:
> java socketTest
main: about to load jss library
main: jss library loaded
*** Hostname: www.calfed.com
java.net.SocketException: SSL_ForceHandshake failed: (-8179) Peer's Certificate
issuer is not recognized.
at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
at socketTest.main(socketTest.java:46)
This replacement could be made anywhere that NSPR's error codes are used, but I
looked around in the rest of the code, and it's not nearly as appropriate
outside the SSL library. Most of the exceptions in other parts of JSS have quite
precise error messages. This is always something we can add later. Both requests
for this feature (Patrick Cesard and Miodrag) were directed at the SSL library.
I'm inclined to check this in before the nightly builds and ask questions later.|
|
Assignee | |
Updated•23 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 4•23 years ago
|
||
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.c,v <-- SSLServerSocket.c new revision: 1.4.4.1; previous revision: 1.4 /cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c,v <-- SSLSocket.c new revision: 1.7.4.1; previous revision: 1.7 /cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/common.c,v <-- common.c new revision: 1.6.8.1; previous revision: 1.6 /cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.c,v <-- SSLServerSocket.c new revision: 1.5; previous revision: 1.4 /cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c,v <-- SSLSocket.c new revision: 1.8; previous revision: 1.7 /cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/common.c,v <-- common.c new revision: 1.7; previous revision: 1.6 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/NSPRerrs.h,v <-- NSPRerrs.h initial revision: 1.1 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/SECerrs.h,v <-- SECerrs.h initial revision: 1.1 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/SSLerrs.h,v <-- SSLerrs.h initial revision: 1.1 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/errstrings.c,v <-- errstrings.c initial revision: 1.1 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.c,v <-- jssutil.c new revision: 1.5.2.1; previous revision: 1.5 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.h,v <-- jssutil.h new revision: 1.3.8.1; previous revision: 1.3 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/manifest.mn,v <-- manifest.mn new revision: 1.5.2.1; previous revision: 1.5 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.c,v <-- jssutil.c new revision: 1.6; previous revision: 1.5 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.h,v <-- jssutil.h new revision: 1.4; previous revision: 1.3 /cvsroot/mozilla/security/jss/org/mozilla/jss/util/manifest.mn,v <-- manifest.mn new revision: 1.6; previous revision: 1.5
|
|
Assignee | |
Comment 5•23 years ago
|
||
adding miodrag to cc
You need to log in
before you can comment on or make changes to this bug.
Description
•