Skip to content

Improve unmapped error exception to include the mapping function name and the error code#115485

Merged
vcsjones merged 1 commit into
dotnet:mainfrom
vcsjones:ossl-map-errors-helpful
May 13, 2025
Merged

Improve unmapped error exception to include the mapping function name and the error code#115485
vcsjones merged 1 commit into
dotnet:mainfrom
vcsjones:ossl-map-errors-helpful

Conversation

@vcsjones
Copy link
Copy Markdown
Member

@vcsjones vcsjones commented May 12, 2025

When we encounter an unmapped OpenSSL error, retail builds do not include any information about what the error was. This adds some exception text to help diagnose.

Contributes to #114129.

@vcsjones vcsjones requested review from bartonjs and Copilot May 12, 2025 17:46
Copilot AI reviewed May 12, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances unmapped OpenSSL error handling by including the mapping function name and the raw error code in the thrown exception to aid diagnostics.

  • Updated MapOpenSsl*Code methods to throw a detailed exception instead of a generic one.
  • Added a GetUnmappedCodeException helper that formats the error message.
  • Introduced a new resource string for the unmapped OpenSSL code error.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509ChainProcessor.cs Replaced generic CryptographicException throws with calls to GetUnmappedCodeException, and added that helper method.
src/libraries/System.Security.Cryptography/src/Resources/Strings.resx Added Cryptography_UnmappedOpenSslCode resource string for formatting the new exception message.
Comments suppressed due to low confidence (1)

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509ChainProcessor.cs:1423

  • Consider adding unit tests to verify that when an unmapped OpenSSL error code is encountered, the exception message includes the correct function name and error code.
private static CryptographicException GetUnmappedCodeException(string functionName, int code)

@dotnet-policy-service
Copy link
Copy Markdown
Contributor

dotnet-policy-service Bot commented May 12, 2025

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

This was referenced May 12, 2025
Open
Closed
bartonjs
bartonjs approved these changes May 13, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

I sort of want to ask "should we get rid of the assert now that we have enough data?", but, eh, in a Debug build we should definitely be seeing these and mapping them... and it shows "this exception is not something we ever want someone to see". So... I like it as it is. ("Good talk.")

@vcsjones vcsjones merged commit 24954fb into dotnet:main May 13, 2025
84 of 86 checks passed
@vcsjones vcsjones deleted the ossl-map-errors-helpful branch May 13, 2025 02:12
@build-analysis build-analysis Bot mentioned this pull request May 13, 2025
Closed
@vcsjones vcsjones mentioned this pull request May 13, 2025
Merged
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 12, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels

area-System.Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vcsjones @bartonjs