Details
- Type: New Feature
- Status: Open
- Priority: Major
- Resolution: Unresolved
Description
When methods fail in the proton.SSLDomain class, it's not possible to get more debugging information to the user about what went wrong.
Sample code:
    from proton import SSLDomain
    ssl = SSLDomain(SSLDomain.MODE_CLIENT)
    ssl.set_credentials('/home/user/user.crt', '/home/user/user.key', None)
If "user.crt" or "user.key" are unreadable (i.e. bad filesystem permissions, or SELinux denials, etc.), then set_credentials() fails with a simple error:
proton._exceptions.SSLException: SSL failure.
There's nothing like ENOENT, EPERM, or anything else from openssl, or any other information.
Looking at pn_ssl_domain_set_credentials() in c/src/ssl/openssl.c, two ideas occur to me:
- This method already logs helpful messages with ssl_log_error(). Is there any way to access those messages with Python?
- This method returns bare ints for errors (-3, -4, etc). Is there any code to translate those error numbers into other values in Python? Would I have to write that myself? Where?
- It would be really helpful to get the exact error message from the OpenSSL methods, like when SSL_CTX_use_PrivateKey_file goes wrong, it's hard to tell why.
Issue Links
- is fixed by PROTON-1870 better logging for ssl (Open)
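
A pre-flight check that surfaces the kind of detail the description asks for, run before calling set_credentials(). This is an added example, not code from the issue or from Proton: diagnose_credentials is a hypothetical helper, and it uses Python's standard ssl module (a separate OpenSSL binding) as a stand-in for Proton's own OpenSSL calls, so the messages are indicative rather than the ones Proton would log.

```python
import errno
import ssl
import sys


def diagnose_credentials(cert_file, key_file, password=None):
    """Return a list of (path, reason) problems; an empty list means both files loaded."""
    problems = []
    # Step 1: filesystem-level check. open() reports the errno
    # (ENOENT, EACCES, ...) that the bare "SSL failure." message hides.
    # An SELinux denial also shows up here as EACCES.
    for path in (cert_file, key_file):
        try:
            with open(path, "rb") as fh:
                fh.read(1)
        except OSError as exc:
            name = errno.errorcode.get(exc.errno, str(exc.errno))
            problems.append((path, "%s: %s" % (name, exc.strerror)))
    if problems:
        return problems
    # Step 2: parse the same files with Python's OpenSSL binding so the
    # library's own error text (bad PEM, key/cert mismatch, wrong
    # password) becomes visible. Caveat: with password=None an encrypted
    # key makes OpenSSL prompt on the terminal.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(cert_file, key_file, password)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        pair = "%s + %s" % (cert_file, key_file)
        problems.append((pair, "%s: %s" % (type(exc).__name__, exc)))
    return problems


if __name__ == "__main__":
    # Paths default to the ones used in the sample code above.
    cert = sys.argv[1] if len(sys.argv) > 1 else "/home/user/user.crt"
    key = sys.argv[2] if len(sys.argv) > 2 else "/home/user/user.key"
    found = diagnose_credentials(cert, key)
    for path, reason in found:
        print("%s: %s" % (path, reason))
    sys.exit(1 if found else 0)
```

Run it as the same user, and in the same SELinux context, as the process that will call set_credentials(); otherwise the filesystem check can pass here and still fail there.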