Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a test for TLS error reporting and fix some problems #6938

Merged
merged 2 commits into from
Sep 9, 2023
Merged

Add a test for TLS error reporting and fix some problems #6938

merged 2 commits into from
Sep 9, 2023

Conversation

tgoyne
Copy link
Member

@tgoyne tgoyne commented Aug 30, 2023

With SecureTransport only a single error code was reported as the TLS handshake failing, but actually every error code with the secure transport error category indicates that.

With OpenSSL things were worse: it had a specific list of error messages that indicate a TLS error. This didn't actually work, as the error message wasn't being populated correctly and TLS errors would end up with errors like "RSA lib" rather than what the code was checking for (and these useless errors were forwarded on to the SDK).

@tgoyne tgoyne self-assigned this Aug 30, 2023
@cla-bot cla-bot bot added the cla: yes label Aug 30, 2023
@tgoyne tgoyne force-pushed the tg/tls-error-reporting branch 8 times, most recently from 5adb7c1 to a4d5cda Compare August 31, 2023 20:31
@tgoyne tgoyne marked this pull request as ready for review September 1, 2023 04:23
@tgoyne tgoyne requested a review from michael-wb September 1, 2023 04:23
michael-wb
michael-wb approved these changes Sep 9, 2023
View reviewed changes
Copy link
Contributor

@michael-wb michael-wb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks for making these updates and adding the test for tls handshake failed in the object store tests!

@tgoyne
Fix REALM_FORCE_OPENSSL compilation on macOS
635291c 
ObjectStore requires Security.framework for the keychain functionality even if
Sync is using OpenSLL.
@tgoyne
Add a test for TLS error reporting and fix some problems
fb1d9b0 
With SecureTransport only a single error code was reported as the TLS handshake
failing, but actually every error code with the secure transport error category
indicates that.

With OpenSSL things were worse: it had a specific list of error messages that
indicate a TLS error. This didn't actually work, as the error message wasn't
being populated correctly and TLS errors would end up with errors like "RSA lib"
rather than what the code was checking for (and these useless errors were
forwarded on to the SDK).
@tgoyne tgoyne force-pushed the tg/tls-error-reporting branch from a4d5cda to fb1d9b0 Compare September 9, 2023 17:05
@tgoyne tgoyne merged commit 4c04db5 into master Sep 9, 2023
@tgoyne tgoyne deleted the tg/tls-error-reporting branch September 9, 2023 23:54
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@michael-wb michael-wb michael-wb approved these changes

Assignees

@tgoyne tgoyne

Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tgoyne @michael-wb