Incorrect category for OpenSSL errors #223

@anarthal

openssl_stream seems to convert OpenSSL errors obtained from ERR_get_error by always assigning them std::system_category():

unsigned long ssl_err = ERR_get_error();
ec = std::error_code(
    static_cast<int>(ssl_err), std::system_category());
co_return {ec};

This is not correct, as most OpenSSL errors are not system errors. The consequence is that OpenSSL-generated errors display an incorrect message when using error_code::message() (or printing them).

For example, the following program triggers a TLS certificate validation error:

capy::task<void> run(corosio::io_context& ioc, corosio::ipv4_address addr, std::uint16_t port)
{
    // Create and connect a TCP socket
    corosio::tcp_socket sock(ioc);
    sock.open();
    if (auto [ec] = co_await sock.connect(corosio::endpoint(addr, port)); ec)
        throw std::system_error(ec, "TCP connect");

    // Configure TLS: verify the peer's certificate using the system CA store
    corosio::tls_context ctx;
    if (auto ec = ctx.set_default_verify_paths(); ec)
        throw std::system_error(ec, "set_default_verify_paths");
    if (auto ec = ctx.set_verify_mode(corosio::tls_verify_mode::peer); ec)
        throw std::system_error(ec, "set_verify_mode");
    ctx.set_hostname("www.boost.org");

    // Wrap the socket in a TLS stream and perform the handshake
    corosio::openssl_stream tls(&sock, ctx);
    auto [ec] = co_await tls.handshake(corosio::openssl_stream::client);
    std::cerr << ec.message() << std::endl;
}

Rendered as system:167772294: Unknown error 167772294.

The proper way would be creating an OpenSSL error category. For example:
https://github.com/chriskohlhoff/asio/blob/master/include/asio/ssl/impl/error.ipp

Note that there are some codes that actually are system codes:
https://github.com/boostorg/mysql/blob/4558bb4579ddd2a8eef8f2196e33f17b68c19506/include/boost/mysql/impl/internal/sansio/csha2p_encrypt_password.hpp#L39-L67
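
A sketch of the split described above, added here as an example; it is not code from this issue, from corosio, or from the linked projects. It assumes the OpenSSL 3.x packed error layout, whose constants are copied inline so the block builds without OpenSSL, and the names `openssl_category` and `make_openssl_error` are hypothetical.

```cpp
#include <cerrno>
#include <string>
#include <system_error>

// OpenSSL 3.x error-code layout (values mirror <openssl/err.h>; assumption: 3.x)
constexpr unsigned long sys_flag    = 0x80000000UL; // ERR_SYSTEM_FLAG
constexpr unsigned long sys_mask    = 0x7FFFFFFFUL; // ERR_SYSTEM_MASK
constexpr unsigned long reason_mask = 0x7FFFFFUL;   // ERR_REASON_MASK
constexpr unsigned long lib_mask    = 0xFFUL;       // ERR_LIB_MASK
constexpr int           lib_offset  = 23;           // ERR_LIB_OFFSET

inline int lib_of(unsigned long e)
{
    return static_cast<int>((e >> lib_offset) & lib_mask);
}
inline int reason_of(unsigned long e)
{
    return static_cast<int>(e & reason_mask);
}

// Hypothetical category for codes that are not system errors.
class openssl_category_impl final : public std::error_category
{
public:
    const char* name() const noexcept override { return "openssl"; }
    std::string message(int ev) const override
    {
        auto e = static_cast<unsigned long>(static_cast<unsigned int>(ev));
        // With OpenSSL linked, ERR_reason_error_string(e) would supply the text.
        return "lib " + std::to_string(lib_of(e)) +
               ", reason " + std::to_string(reason_of(e));
    }
};

inline const std::error_category& openssl_category()
{
    static const openssl_category_impl cat;
    return cat;
}

// Turn a value from ERR_get_error() into an error_code with a fitting category.
inline std::error_code make_openssl_error(unsigned long e)
{
    if (e & sys_flag) // flagged codes carry an OS error number, not a reason
        return {static_cast<int>(e & sys_mask), std::system_category()};
    return {static_cast<int>(e), openssl_category()};
}
```

With this mapping, the code from the report (167772294, i.e. 0x0A000086) decodes to library 20 (ERR_LIB_SSL) and reason 134 (SSL_R_CERTIFICATE_VERIFY_FAILED) instead of being looked up as an OS error number.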
