Merge branch 'dgud/ssl/format_error/erlangGH-7247/OTP-18596' into maint

kevsmith · May 26, 2023 · 7deca60 · 7deca60
2 parents 7ca71be + 80e53f6
commit 7deca60
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 6 deletions.
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
@@ -2752,16 +2752,34 @@ do_format_error(closed) ->
     "TLS connection is closed";
 do_format_error({tls_alert, {_, Description}}) ->
     Description;
-do_format_error({options,{FileType, File, Reason}}) when FileType == cacertfile;
-						      FileType == certfile;
-                                                         FileType == keyfile;
-						      FileType == dhfile ->
+do_format_error({options,{FileType, File, Reason}})
+  when FileType == cacertfile;
+       FileType == certfile;
+       FileType == keyfile;
+       FileType == dhfile ->
     Error = file_error_format(Reason),
     file_desc(FileType) ++ File ++ ": " ++ Error;
 do_format_error ({options, {socket_options, Option, Error}}) ->
     lists:flatten(io_lib:format("Invalid transport socket option ~p: ~s", [Option, do_format_error(Error)]));
 do_format_error({options, {socket_options, Option}}) ->
     lists:flatten(io_lib:format("Invalid socket option: ~p", [Option]));
+do_format_error({options, incompatible, Opts}) ->
+    lists:flatten(io_lib:format("Options (or their values) can not be combined: ~p", [Opts]));
+do_format_error({option, Reason, Opts}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, Reason]));
+do_format_error({options, Reason, Opts}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, Reason]));
+do_format_error({options, {missing_version=R, Opts}}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, R]));
+do_format_error({options, {option_not_a_key_value_tuple=R, Opts}}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, R]));
+do_format_error({options, {no_supported_algorithms=R, Opts}}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, R]));
+do_format_error({options, {no_supported_signature_schemes=R, Opts}}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, R]));
+do_format_error({options, {insufficient_crypto_support=R, Opts}}) ->
+    lists:flatten(io_lib:format("Invalid option ~w ~w", [Opts, R]));
+
 do_format_error({options, Options}) ->
     lists:flatten(io_lib:format("Invalid TLS option: ~p", [Options]));
 

diff --git a/lib/ssl/test/ssl_api_SUITE.erl b/lib/ssl/test/ssl_api_SUITE.erl
@@ -187,7 +187,9 @@
          check_random_nonce/0,
          check_random_nonce/1,
          cipher_listing/0,
-         cipher_listing/1
+         cipher_listing/1,
+         format_error/0,
+         format_error/1
         ]).
 
 %% Apply export
@@ -275,7 +277,8 @@ simple_api_tests() ->
      invalid_cacertfile,
      invalid_options,
      options_not_proplist,
-     options_whitebox
+     options_whitebox,
+     format_error
     ].
 
 
@@ -3545,6 +3548,34 @@ cipher_listing(Config) when is_list(Config) ->
     Version = ssl_test_lib:protocol_version(Config, tuple),
     length_exclusive(Version) == length_all(Version).
 
+format_error() ->
+    "".
+format_error(Config) when is_list(Config) ->
+    Errors = [{error, enotconn},
+              {error, closed},
+              {options, {keyfile, "TestFileName", {error,enoent}}},
+              {options, {certfile, "TestFileName", {error,enoent}}},
+              {options, {cacertfile, "TestFileName",{error,enoent}}},
+              {options, {option_not_a_key_value_tuple, [foo]}},
+              {options, {insufficient_crypto_support,{'tlsv1.3','tlsv1.1'}}},
+              {options, incompatible, [{verify,verify_peer},{cacerts,undefined}]},
+              {options, {protocol, foo}},
+              {option, server_only, alpn_preferred_protocols},
+              {options, {alpn_advertised_protocols, undefined}},
+              {options, missing_version, {'tlsv1.2',{versions, ['tlsv1.1','tlsv1.3']}}},
+              {options, {no_supported_algorithms, {signature_algs,[]}}},
+              {options, {no_supported_signature_schemes, {signature_algs_cert,[]}}}
+             ],
+    Check = fun(Err) ->
+                    Str = ssl:format_error(Err),
+                    io:format("~p => ~s ~n", [Err, Str]),
+                    %% Verify flat string (why do ssl flatten strings?)
+                    Str = [C || C <- Str, is_integer(C)]
+            end,
+    [Check(Err) || Err <- Errors],
+    ok.
+
+
 %%--------------------------------------------------------------------
 
 establish_connection(Id, ServerNode, ServerOpts, ClientNode, ClientOpts, Hostname) ->