Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance TLS handshake error message with additional details from previous exception #385

Merged
merged 3 commits into from
Mar 6, 2025
Merged

Enhance TLS handshake error message with additional details from previous exception #385

merged 3 commits into from
Mar 6, 2025

Conversation

luzrain
Copy link
Contributor

@luzrain luzrain commented Mar 5, 2025

Closes: #360

This change extracts additional information from the previous exception to provide more details in the 'Connection to '%s' @ '%s' closed during TLS handshake' error message. It tries to filter out unnecessary text and retains details."

For example, previous exceptions could generate the following text:

TLS negotiation failed: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Then exception message will be:

Connection to 'self-signed.badssl.com:443' @ '104.154.89.105:443' closed during TLS handshake: certificate verify failed

Previous exception message:

TLS negotiation failed: stream_socket_enable_crypto(): Peer certificate CN=`*.badssl.com' did not match expected CN=`wrong.host.badssl.com'

Exception message:

Connection to 'wrong.host.badssl.com:443' @ '104.154.89.105:443' closed during TLS handshake: Peer certificate CN=`*.badssl.com' did not match expected CN=`wrong.host.badssl.com'

Website with invalid certificates for test:
https://badssl.com/

@luzrain luzrain force-pushed the tls_handshake_message branch from a3b02f2 to ba43719 Compare March 5, 2025 14:39
@kelunik
Copy link
Member

kelunik commented Mar 5, 2025

Thanks! Looks good to me. Could you please add a test?

@luzrain luzrain force-pushed the tls_handshake_message branch 4 times, most recently from 4aa9710 to 70fc140 Compare March 6, 2025 03:45
@luzrain luzrain force-pushed the tls_handshake_message branch from 70fc140 to 1c56f49 Compare March 6, 2025 03:50
@kelunik kelunik merged commit 5dedc81 into amphp:5.x Mar 6, 2025
5 checks passed
@kelunik
Copy link
Member

kelunik commented Mar 6, 2025

Thank you!

@luzrain luzrain deleted the tls_handshake_message branch March 6, 2025 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kelunik kelunik kelunik approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Invalid certificate throws a misleading error
2 participants
@luzrain @kelunik