Changes committed to git://oss.sgi.com/pcp/pcp.git nssmerge
src/include/pcp/pmapi.h | 2
src/libpcp/src/auxconnect.c | 128 +++++++++++++++++++++++---------------------
src/libpcp/src/err.c | 27 ++++++++-
src/pmcd/src/secure.c | 39 +++++++++----
4 files changed, 120 insertions(+), 76 deletions(-)
commit 257eecb07af3b7deabb2a52263d1325dd75244f5
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Thu Jan 3 17:42:50 2013 +1100
Allow NSPR/NSS/SSL error codes to coexist with PCP error codes
Took several attempts, but this is the least invasive option and
has the nice characteristic that it appears to work. Having had
a fairly cryptic connection debugging experience with NSS/SSL, I
realised we really need to expose the NSPR/SSL/NSS error strings
somehow. Unfortunately, the SSL error code values overlap with
the PCP codes (they also use negative values outside the regular
negated operating system errno values).
The final solution shifts all NSPR/SSL/NSS error code below the
range used by PCP, as defined by PM_ERR_BASE and PM_ERR_NYI (the
latter already leaves a wide hole for future PCP codes). Turns
out the Win32 port coincidentally used this as well. Added in a
pmapi.h comment noting this.
Now we can observe the underlying SSL error codes, e.g.
$ export PCP_SECURE_CONTEXT=1
$ pminfo -f kernel.all.pswitch
pminfo: Cannot connect to PMCD on host "smash": Unable to communicate
securely with peer: requested domain name does not match the server's
certificate.
|