diff options
| author | Thorsten von Eicken | 2020-03-26 23:17:35 -0700 |
|---|---|---|
| committer | Damien George | 2020-07-20 23:41:45 +1000 |
| commit | 9aa214077e6d1e0fba1a775431fedea4c8d76558 (patch) | |
| tree | d04efd64de63ed54a32b53392125bebf2f394672 /extmod/modussl_axtls.c | |
| parent | c7f7c0214c433d52204fe73613bd6162507a0482 (diff) | |
extmod/modussl: Improve exception error messages.
This commit adds human readable error messages when mbedtls or axtls raise
an exception. Currently often just an EIO error is raised so the user is
lost and can't tell whether it's a cert error, buffer overrun, connecting
to a non-ssl port, etc. The axtls and mbedtls error raising in the ussl
module is modified to raise:
OSError(-err_num, "error string")
For axtls a small error table of strings is added and used for the second
argument of the OSErrer. For mbedtls the code uses mbedtls' built-in
strerror function, and if there is an out of memory condition it just
produces OSError(-err_num). Producing the error string for mbedtls is
conditional on them being included in the mbedtls build, via
MBEDTLS_ERROR_C.
Diffstat (limited to 'extmod/modussl_axtls.c')
| -rw-r--r-- | extmod/modussl_axtls.c | 55 |
1 files changed, 52 insertions, 3 deletions
diff --git a/extmod/modussl_axtls.c b/extmod/modussl_axtls.c index 7b0e3cbcb..0b0ce35fc 100644 --- a/extmod/modussl_axtls.c +++ b/extmod/modussl_axtls.c @@ -29,6 +29,7 @@ #include "py/runtime.h" #include "py/stream.h" +#include "py/objstr.h" #if MICROPY_PY_USSL && MICROPY_SSL_AXTLS @@ -54,6 +55,56 @@ struct ssl_args { STATIC const mp_obj_type_t ussl_socket_type; +// Table of errors +struct ssl_errs { + int16_t errnum; + const char *errstr; +}; +STATIC const struct ssl_errs ssl_error_tab[] = { + { SSL_NOT_OK, "NOT_OK" }, + { SSL_ERROR_DEAD, "DEAD" }, + { SSL_CLOSE_NOTIFY, "CLOSE_NOTIFY" }, + { SSL_EAGAIN, "EAGAIN" }, + { SSL_ERROR_CONN_LOST, "CONN_LOST" }, + { SSL_ERROR_RECORD_OVERFLOW, "RECORD_OVERFLOW" }, + { SSL_ERROR_SOCK_SETUP_FAILURE, "SOCK_SETUP_FAILURE" }, + { SSL_ERROR_INVALID_HANDSHAKE, "INVALID_HANDSHAKE" }, + { SSL_ERROR_INVALID_PROT_MSG, "INVALID_PROT_MSG" }, + { SSL_ERROR_INVALID_HMAC, "INVALID_HMAC" }, + { SSL_ERROR_INVALID_VERSION, "INVALID_VERSION" }, + { SSL_ERROR_UNSUPPORTED_EXTENSION, "UNSUPPORTED_EXTENSION" }, + { SSL_ERROR_INVALID_SESSION, "INVALID_SESSION" }, + { SSL_ERROR_NO_CIPHER, "NO_CIPHER" }, + { SSL_ERROR_INVALID_CERT_HASH_ALG, "INVALID_CERT_HASH_ALG" }, + { SSL_ERROR_BAD_CERTIFICATE, "BAD_CERTIFICATE" }, + { SSL_ERROR_INVALID_KEY, "INVALID_KEY" }, + { SSL_ERROR_FINISHED_INVALID, "FINISHED_INVALID" }, + { SSL_ERROR_NO_CERT_DEFINED, "NO_CERT_DEFINED" }, + { SSL_ERROR_NO_CLIENT_RENOG, "NO_CLIENT_RENOG" }, + { SSL_ERROR_NOT_SUPPORTED, "NOT_SUPPORTED" }, +}; + +STATIC NORETURN void ussl_raise_error(int err) { + for (size_t i = 0; i < MP_ARRAY_SIZE(ssl_error_tab); i++) { + if (ssl_error_tab[i].errnum == err) { + // construct string object + mp_obj_str_t *o_str = m_new_obj_maybe(mp_obj_str_t); + if (o_str == NULL) { + break; + } + o_str->base.type = &mp_type_str; + o_str->data = (const byte *)ssl_error_tab[i].errstr; + o_str->len = strlen((char *)o_str->data); + o_str->hash = qstr_compute_hash(o_str->data, o_str->len); + // raise + mp_obj_t args[2] = { MP_OBJ_NEW_SMALL_INT(err), MP_OBJ_FROM_PTR(o_str)}; + nlr_raise(mp_obj_exception_make_new(&mp_type_OSError, 2, 0, args)); + } + } + mp_raise_OSError(err); +} + + STATIC mp_obj_ssl_socket_t *ussl_socket_new(mp_obj_t sock, struct ssl_args *args) { #if MICROPY_PY_USSL_FINALISER mp_obj_ssl_socket_t *o = m_new_obj_with_finaliser(mp_obj_ssl_socket_t); @@ -107,9 +158,7 @@ STATIC mp_obj_ssl_socket_t *ussl_socket_new(mp_obj_t sock, struct ssl_args *args int res = ssl_handshake_status(o->ssl_sock); if (res != SSL_OK) { - printf("ssl_handshake_status: %d\n", res); - ssl_display_error(res); - mp_raise_OSError(MP_EIO); + ussl_raise_error(res); } } |