diff options
author | Alexey Lebedeff <[email protected]> | 2016-05-19 15:11:37 +0300 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2016-05-31 10:33:31 +0200 |
commit | 8c419a6edecc86dc4c682d040c4bb3e3506c7876 (patch) | |
tree | c6dd89c9715818f3e153ee96225e121216e3557c /lib/ssl/src/ssl_alert.hrl | |
parent | 98f13e3c4cf6282e2114deb71805c54596ffdc8a (diff) | |
download | otp-8c419a6edecc86dc4c682d040c4bb3e3506c7876.tar.gz otp-8c419a6edecc86dc4c682d040c4bb3e3506c7876.tar.bz2 otp-8c419a6edecc86dc4c682d040c4bb3e3506c7876.zip |
Improve SSL diagnostics
There are a lot of cases where `ssl` application just returns unhelpful
`handshake failure` or `internal error`. This patch tries to provide
better diagnostics so operator can debug his SSL misconfiguration
without doing hardcore erlang debugging.
Here is an example escript that incorrectly uses server certificate as a
client one:
https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67
With the patch it is properly reported as an error in "extended key
usage".
Diffstat (limited to 'lib/ssl/src/ssl_alert.hrl')
-rw-r--r-- | lib/ssl/src/ssl_alert.hrl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/ssl/src/ssl_alert.hrl b/lib/ssl/src/ssl_alert.hrl index 8c4bd08d31..38facb964f 100644 --- a/lib/ssl/src/ssl_alert.hrl +++ b/lib/ssl/src/ssl_alert.hrl @@ -109,6 +109,7 @@ -define(NO_APPLICATION_PROTOCOL, 120). -define(ALERT_REC(Level,Desc), #alert{level=Level,description=Desc,where={?FILE, ?LINE}}). +-define(ALERT_REC(Level,Desc,Reason), #alert{level=Level,description=Desc,where={?FILE, ?LINE},reason=Reason}). -define(MAX_ALERTS, 10). @@ -116,6 +117,7 @@ -record(alert, { level, description, - where = {?FILE, ?LINE} + where = {?FILE, ?LINE}, + reason }). -endif. % -ifdef(ssl_alert). |