SSLSocket.forceHandshake should return more error information

RESOLVED FIXED

Status

P2
enhancement
18 years ago
18 years ago

People

(Reporter: jamie-bugzilla, Assigned: jamie-bugzilla)

Attachments

(1 attachment)

(Assignee)

Description

18 years ago
The forceHandshake method in SSLSocket class does not return a very
  meaningful error message. The most I get is "Error in SSL handshake". May I
  suggest you look into returning more meaningful error messages in JSS
  especially like NSS does give that? (I think I may have raised this issue
  with you once before in crypto newsgroup -- sorry about the repeat :) )
  Currently, how does a JSS enabled application know what exactly caused the
  SSL handshake to fail (something to help the user correct the problem)?
(Assignee)

Updated

18 years ago
Severity: normal → enhancement
(Assignee)

Comment 1

18 years ago
Priority P2.
Status: NEW → ASSIGNED
Priority: -- → P2
(Assignee)

Comment 2

18 years ago
Created attachment 44535
patch to add NSPR, SEC, and SSL errors to JSS SSL exceptions
(Assignee)

Comment 3

18 years ago
Comments about the above patch.

I pulled in the error strings from PSM. This included a function which, given a
PRErrorCode, returned a string representing that message.

Then I wrote a new exception-throwing function in JSS, JSS_throwMsgPrErrArg,
which takes a text string and a PRErrorCode and throws an exception with a new
string formatted "mesg: (errcode) errstring". For example, if you call:

JSS_throwMsgPrErrArg(..., "failed to redo handshake", PR_GetError());

the exception's text string would end up looking something like this:
"failed to redo handshake: (-8178) Peer's Certificate was not valid"

The macro JSS_throwMsgPrErr() calls PR_GetError() for you so that you don't have
to pass the PRErrorCode in by hand.

Then I did a supervised search-and-replace of JSS_throwMsg with
JSS_throwMsgPrErr in the JSS SSL JNI code.

And here's a real-life example result:

> java socketTest
main: about to load jss library
main: jss library loaded
*** Hostname: www.calfed.com
java.net.SocketException: SSL_ForceHandshake failed: (-8179) Peer's Certificate
issuer is not recognized.
        at org.mozilla.jss.ssl.SSLSocket.forceHandshake(Native Method)
        at socketTest.main(socketTest.java:46)

This replacement could be made anywhere that NSPR's error codes are used, but I
looked around in the rest of the code, and it's not nearly as appropriate
outside the SSL library. Most of the exceptions in other parts of JSS have quite
precise error messages. This is always something we can add later. Both requests
for this feature (Patrick Cesard and Miodrag) were directed at the SSL library.

I'm inclined to check this in before the nightly builds and ask questions later.
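
Added example, not part of the original comment or the JSS patch: a C version of the "mesg: (errcode) errstring" formatting described in Comment 3, with a sorted lookup table, a bounded output buffer and a fallback for codes the table does not know. The names lookup_err_string and format_err_msg are hypothetical, and every table row except -8179 (taken from the output quoted above) is a constructed placeholder.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample table, sorted ascending by code for binary search.
 * Only the -8179 row comes from the output quoted on this page; the
 * other rows are placeholders, not real NSPR/NSS codes. */
typedef struct { int code; const char *text; } err_entry;

static const err_entry err_table[] = {
    { -8179, "Peer's Certificate issuer is not recognized." },
    { -100,  "constructed placeholder error A" },
    { -50,   "constructed placeholder error B" },
};
#define ERR_COUNT (sizeof err_table / sizeof err_table[0])

/* Returns the string for code, or NULL if the table has no entry. */
const char *lookup_err_string(int code)
{
    size_t lo = 0, hi = ERR_COUNT;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (err_table[mid].code == code) return err_table[mid].text;
        if (err_table[mid].code < code) lo = mid + 1; else hi = mid;
    }
    return NULL;
}

/* Builds "mesg: (errcode) errstring" into buf. Returns 0 on success,
 * -1 if the result did not fit (buf is still NUL-terminated). */
int format_err_msg(char *buf, size_t len, const char *mesg, int code)
{
    const char *text = lookup_err_string(code);
    int n;
    if (buf == NULL || len == 0) return -1;
    if (mesg == NULL) mesg = "";
    if (text == NULL) text = "Unknown error";   /* keep the numeric code visible */
    n = snprintf(buf, len, "%s: (%d) %s", mesg, code, text);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char buf[128];
    format_err_msg(buf, sizeof buf, "SSL_ForceHandshake failed", -8179);
    puts(buf);
    return 0;
}
```

Keeping the numeric code in the message even when no string is found lets the caller look the value up separately instead of losing the cause of the handshake failure.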
(Assignee)

Updated

18 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
(Assignee)

Comment 4

18 years ago
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.c,v  <-- 
SSLServerSocket.c
new revision: 1.4.4.1; previous revision: 1.4

/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c,v  <--  SSLSocket.c
new revision: 1.7.4.1; previous revision: 1.7

/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/common.c,v  <--  common.c
new revision: 1.6.8.1; previous revision: 1.6

/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.c,v  <-- 
SSLServerSocket.c
new revision: 1.5; previous revision: 1.4

/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c,v  <--  SSLSocket.c
new revision: 1.8; previous revision: 1.7

/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/common.c,v  <--  common.c
new revision: 1.7; previous revision: 1.6

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/NSPRerrs.h,v  <--  NSPRerrs.h
initial revision: 1.1

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/SECerrs.h,v  <--  SECerrs.h
initial revision: 1.1

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/SSLerrs.h,v  <--  SSLerrs.h
initial revision: 1.1

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/errstrings.c,v  <--  errstrings.c
initial revision: 1.1

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.c,v  <--  jssutil.c
new revision: 1.5.2.1; previous revision: 1.5

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.h,v  <--  jssutil.h
new revision: 1.3.8.1; previous revision: 1.3

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/manifest.mn,v  <--  manifest.mn
new revision: 1.5.2.1; previous revision: 1.5

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.c,v  <--  jssutil.c
new revision: 1.6; previous revision: 1.5

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/jssutil.h,v  <--  jssutil.h
new revision: 1.4; previous revision: 1.3

/cvsroot/mozilla/security/jss/org/mozilla/jss/util/manifest.mn,v  <--  manifest.mn
new revision: 1.6; previous revision: 1.5
(Assignee)

Comment 5

18 years ago
adding miodrag to cc