Closed
Bug 68097
Opened 24 years ago
Closed 24 years ago
ssl API inconsistent use of SECStatus vs int
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.2
People
(Reporter: nelson, Assigned: nelson)
Details
Attachments
(1 file)
|
16.15 KB,
patch
|
Details | Diff | Splinter Review |
There are many functions in ssl.h that are declared to return
type int, which actually return type SECStatus.
Similarly, in ssl.h there are typedefs for pointers to functions
that return int which should be pointers to functions that
return SECStatus.
I propose to change ssl.h to use SECStatus instead of int in
the declarations of all functions and typedefs that really
should use SECStatus.
This will eliminate numerous warnings. For some of our customers
who use ssl.h, it may also create some new warnings. Customer
code that includes callback functions that were defined to return
int (to agree with the typedef in ssl.h) will generate a warning
that it doesn't agree with the typedef. This will be apparent
in places where the address of the customer's function is passed
to an SSL function that registers the callback. Customers who
don't like those warnings can trivially eliminate them.
|
Assignee | |
Comment 1•24 years ago
|
||
|
|
Assignee | |
Comment 2•24 years ago
|
||
I invite review of the attached patch.
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → 3.2
|
||
Comment 3•24 years ago
|
||
Now is a good time to clean these up. All the functions you've changed look like
they are appropriate.
I approve the changes.
bob
|
||
Comment 4•24 years ago
|
||
SSL_SecurityStatus(), SSL_AuthCertificateHook(), etc. will return SECFailure
without setting an error code.
|
|
Assignee | |
Comment 5•24 years ago
|
||
John, the functions you mentioned only return SECFailure when
an underlying function that they've called returns an error.
In every case, it is the responsibility of the underlying function
to set the error code.
So, you have no objections to the conversion from int to SECStatus?
|
|
||
Comment 6•24 years ago
|
||
The functions I've mentioned return SECFailure when ssl_FindSocket() (and
PR_GetIdentitiesLayer) returns NULL. NULL returns from these functions are not
errors and do not set the error code.
|
|
Assignee | |
Comment 7•24 years ago
|
||
You're right. ssl_FindSocket() should set an error when
PR_GetIdentitiesLayer() returns NULL. I'll make another
bug out of that. Failure to set an error code
is a bug regardless of the return value type.
This bug is about the types for function return values.
You apparently have no objection to the change proposed
in this bug.
|
|
||
Comment 8•24 years ago
|
||
Correct, I have no objection.
I would like further auditing to make sure that PR_WOULD_BLOCK_ERROR is set
every time a function returns SECWouldBlock. I would be happier if the
functions returned a PRStatus instead of a SECStatus. It is error prone to have
two different ways of signalling the same condition.
|
|
Assignee | |
Comment 9•24 years ago
|
||
PR_WOULD_BLOCK_ERROR and SecWouldBlock are not strictly
synonymous.
There are places where it is appropriate to map one to the
other, and places where it is not.
I agree that it should be done in all places where appropriate.
The patch attached (above) has been checked in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
|
||
Comment 10•24 years ago
|
||
How are PR_WOULD_BLOCK_ERROR and SecWouldBlock different? When would mapping
them be inappropriate?
You need to log in
before you can comment on or make changes to this bug.
Description
•