[openssl-dev] [openssl.org #3625] Enhancement request: user convenience for SSL_CONF_CTX with SSLv2
Steffen Nurpmeso
sdaoden at yandex.com
Thu Dec 11 12:03:30 UTC 2014
Hello,
"Stephen Henson via RT" <rt at openssl.org> wrote:
|On Mon Dec 08 19:58:31 2014, sdaoden at yandex.com wrote:
|> If people start using SSL_CONF_CTX as they are supposed to with
|> v1.0.2, then it can be expected that users start using strings
|> like, e.g. (from my thing),
|>
|> set ssl-protocol="ALL,-SSLv2"
|If you print out the additional error data it should also indicate which
|command and value it is objecting to, though it will only say it doesn't like
|the whole string and not the specific part of it it is rejecting.
Oh i'm not complaining about that, error handling is always weird,
and i think strings like

  error:140D00CF:SSL routines:SSL_write:protocol is shutdown

are hard (not only to parse) for users but there is a lot of
information for good in very few bytes; sad is

  Received SIGPIPE during IMAP operation
  IMAP write error: error:00000000:lib(0):func(0):reason(0)

but as i think for most (Open)SSL related problems this is all my
/ our fault, users should not be bothered with that.
Strings are intransparent for application programmers, but myriads
of error enumerations can be too. Whatever.
Regarding #3625: i think no user (that made it so far at first
glance, which maybe even required buying a book and reading
a lot!) would expect an error for saying "-SSLv2".
But since it was an accidental oversight and the _OP_NO_SSLv2 is
still defined (what i didn't even look for after reading the
commit message) i think it'll be ok anyway once committed and this
can be closed?
Ciao,
--steffen