GnuTLS (libgrypt really) and Postfix
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Tue Feb 14 13:57:56 EST 2006
On Tue, Feb 14, 2006 at 01:00:33PM -0500, Steven M. Bellovin wrote:
> We all agree that critical errors like this should be caught; the only
> question is at what layer the action should take place. I'm an
> adherent to the Unix philosophy -- when a decision is made at a lower
> level, it takes away the ability of the higher level to do something
> different if appropriate, and this loss of flexibility is a bad thing.
Thanks, this makes the point very clearly!
> Let me suggest a C-compatible possibility: pass an extra parameter to
> the library routines, specifying a procedure to call if serious errors
> occur. If that pointer is null, the library can abort.
>
The pass-a-function pointer approach covers the simpler cases. Large
utility libraries (OpenSSL, Kerberos, ...) sometimes have a tougher
problem to solve.
- The function needs error detail arguments so it can take the
right actions.
- Errors may need a classification system, so that new errors
of the same type can be handled generically in legacy code as
the library evolves.
- The function needs an application context argument so it has
access to the data it needs to take the right actions.
So, the more sophisticated C-language designs (e.g. OpenSSL or Kerberos)
include an error management API. These are clearly work-arounds for
lack of real exceptions. They take care to design and implement, and
it may be difficult or impractical to retrofit an existing design that
did not pay the price from the start, but I find claims that the exit()
approach is best *on architectural grounds* rather surprising...
ERR_get_error(3) OpenSSL ERR_get_error(3)
NAME
ERR_get_error, ERR_peek_error, ERR_peek_last_error, ERR_get_error_line,
ERR_peek_error_line, ERR_peek_last_error_line, ERR_get_error_line_data,
ERR_peek_error_line_data, ERR_peek_last_error_line_data - obtain error
code and data
SYNOPSIS
#include <openssl/err.h>
unsigned long ERR_get_error(void);
unsigned long ERR_peek_error(void);
unsigned long ERR_peek_last_error(void);
unsigned long ERR_get_error_line(const char **file, int *line);
unsigned long ERR_peek_error_line(const char **file, int *line);
unsigned long ERR_peek_last_error_line(const char **file, int *line);
unsigned long ERR_get_error_line_data(const char **file, int *line,
const char **data, int *flags);
unsigned long ERR_peek_error_line_data(const char **file, int *line,
const char **data, int *flags);
unsigned long ERR_peek_last_error_line_data(const char **file, int *line
,
const char **data, int *flags);
DESCRIPTION
ERR_get_error() returns the earliest error code from the thread's error
queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
ERR_GET_LIB(3) OpenSSL ERR_GET_LIB(3)
NAME
ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
reason code
SYNOPSIS
#include <openssl/err.h>
int ERR_GET_LIB(unsigned long e);
int ERR_GET_FUNC(unsigned long e);
int ERR_GET_REASON(unsigned long e);
DESCRIPTION
The error code returned by ERR_get_error() consists of a library num-
ber, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() and
ERR_GET_REASON() can be used to extract these.
The library number and function code describe where the error occurred,
the reason code is the information about what went wrong.
Each sub-library of OpenSSL has a unique library number; function and
reason codes are unique within each sub-library. Note that different
libraries may use the same value to signal different functions and rea-
sons.
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list