AcornSSL-specific errors
Dave Higton (1515) 3543 posts |
How should applications treat AcornSSL-specific errors, i.e. those in the range &813F20 to &813F3F? There isn’t an explanation of their meanings anywhere that I have been able to find. The most basic of information I’m looking for is how to treat them – are they temporary errors (i.e. try the operation again) or are they fatal (i.e. give up now, it’s not going to work)? The only suggestion I’ve seen is that &813F26 and &813F27 are temporary, roughly equivalent to EWOULDBLOCK, so try the operation again and it will probably come right. |
Martin Avison (27) 1497 posts |
If you have downloaded my AcornSSL StrongHelp manual there is a section in there (Error Reporting → &813F20-813F3F) which lists the text contained in AcornSSL.Messages, with some comments from my experiences of when they happen and why. Any additions to those comments welcome! |
Colin (478) 2433 posts |
The errors are in sslmod.h and it appears to me that you should fail if you encounter one. &813F26 (ERR06_SOCKET_ERROR) is an mbedtls error while reading or writing and &813F27 (ERR07_HANDSHAKE_ERROR) is an mbedtls error during the handshake. Normal socket errors are returned with their normal socket swi chunk and MBEDTLS_ERR_SSL_WANT_READ/WRITE mbedtls errors are converted to EWOULDBLOCK during reading/writing and ENOTCON during handshake. |
Dave Higton (1515) 3543 posts |
I’d like to be able to agree with you (and certainly I’ve seen one place in the code where ERR06 and ERR07 are converted to EWOULDBLOCK), but I’ve also experienced those errors when a retry worked. I.e. that’s treating it exactly like EWOULDBLOCK. I wonder if there is more than one reason why those error codes can be generated. Perhaps one or more reasons are only transient, and some permanent? |
Colin Ferris (399) 1818 posts |
Are these errors sort of English – (Error would Block)? |
Rick Murray (539) 13861 posts |
Yes, EWOULDBLOCK means exactly that – continuing the operation would block the machine waiting. It’s basically saying “go away and do something else, try again later”. A good point for a call to Wimp_Poll. ;-) |
Colin (478) 2433 posts |
If you mean you are receiving MBEDTLS_ERR_SSL_WANT_READ/WRITE versions of ERR06 errors that is a bug in handshake_sslhandle. replace
with
Yes EWOULDBLOCK is the value of an error returned by the socket library it signifies that a process would block if it was a blocking socket and just means you can try the process again when you are ready |
Dave Higton (1515) 3543 posts |
This gives me (and all other users of AcornSSL) a problem. At the moment, since the temporary version of ERR06 is much more common than the permanent version, we have to treat it as temporary and retry. Otherwise fetches will often be aborted unnecessarily. If the bug were to get fixed in a known version of AcornSSL, however, we could treat it correctly in that and later versions, and just retry in prior versions. Hint :-) Hint :-) |
Chris Mahoney (1684) 2165 posts |
Do you mean that you’d want the version number to be updated at the same time as the fix? Blasphemy. |
Steve Pampling (1551) 8180 posts |
As you say Chris, blasphemy. Seriously – exactly how many not-really-the-same-version-despite-the-same-number versions do we have now? 1 Plus a few more that look similar but aren’t really, but that’s OK because all true believers know the One True AcornSSL. |
Dave Higton (1515) 3543 posts |
No take-a da piss :-) |
Colin (478) 2433 posts |
Not really. Change it in your version and when you submit it will be fixed. As a general rule if the module returns an mbedtls error when it should return ENOTCONN (during a handshake) or EWOULDBLOCK then it is a bug that needs fixing. AcornSSL swis have to work like socket swis – except they don’t because of ENOTCONN but that’s another story. I figured you were modifying AcornSSL so I didn’t want to submit anything which would cause a problem for you ie you would have to merge any changes I made to the ROOL version. I messed a bit with AcornSSL and extended CreateSession to work with client/server datagram/stream sockets, that’s where I found the bug. I can submit the bug if you like?
You would expect that EWOULDBLOCK happens a lot more than EINVAL. |
Colin Ferris (399) 1818 posts |
I vote for the working module to be painted Green :-) |
Dave Higton (1515) 3543 posts |
I would certainly appreciate it if you would submit a fix so that these temporary errors are reported as EWOULDBLOCK or ENOTCONN (I don’t know which is correct, but certainly it should be one that users know to retry). I think there is a bit more discussion to be had about server functionality, so let’s keep that as a separate stage, and let’s not hold up fix of this bug. Because it is a bug. And I’m working with Andrew on the release of a new version of NewsHound, for which I really could make a code path depend on fixed or non-fixed versions of AcornSSL. |
Rick Murray (539) 13861 posts |
This is a wider problem in the RISC OS codebase. How many broken versions of AcornHTTP were created (and released) when some library (zlib? I forget) was messed up. If binary different modules had different versions, it would be simple to say “these versions are broken”. Instead, stuff crashes. I have two methods. One in Manga (detect modules by known lengths) and one unreleased (scan the module looking for known broken code sequences). But, really, that shouldn’t be my job to do… |
Rick Murray (539) 13861 posts |
+1 for painting it green. 🌳 |
Richard H (8675) 100 posts |
With rounded corners? |
Steve Pampling (1551) 8180 posts |
I said:
I could go for the innocent look, but I noted many years ago that when straight talk is getting you nowhere then extracting a little urine registers. |
Steve Pampling (1551) 8180 posts |
Speaking as a neutral, some people like rounded corners. There you go Paolo another desktop tweak. |
Rick Murray (539) 13861 posts |
What do you mean “then”? It’s my default setting. I put that down to being British… The important thing, though, is to be very sincere. So everybody knows urine is being extracted, except the person you’re extracting it from. |
Steve Pampling (1551) 8180 posts |
…meander off to Aldershot (twinned with Bedworth) |