-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSC's use of OpenSSL ERR_print_errors_fp #2701
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Description
OpenSSL and other crypto libraries have function ERR_print_errors_fp . OpenSC uses this in ./libopensc/card-iasecc.c, ./libopensc/card-piv.c, ./pkcs15init/pkcs15-oberthur-awp.c, ./tools/piv-tool.c, ./tools/sc-hsm-tool.c and ./tools/gids-tool.c to either print to opensc-debug.log or stderr.
It use is most helpful during development. OpenSC code also detects failure within OpenSSL but not the specifics of why some call fails which is contained in the OpenSSL error strings.
It would also be helpful identify bad data passed to OpenSSL.
Proposed Resolution
Several issues to consider:
My suggestion is for the tools would be either print to stderr as now or only when
SC_LOG_DEBUG_VERBOSE_TOOL = 1, /* tools only: verbose */
In non tools files use
SC SC_LOG_DEBUG_NORMAL, /* helps developers */
i.e. 3. there should be very few of these errors, accept for bad data.This issue is in response to #2053 (comment)
The text was updated successfully, but these errors were encountered: