Skip to content

Improve unmapped error exception to include the mapping function name and the error code #115485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2025
Merged

Improve unmapped error exception to include the mapping function name and the error code #115485

merged 1 commit into from
May 13, 2025

Conversation

vcsjones
Copy link
Member

When we encounter an unmapped OpenSSL error, retail builds do not include any information about what the error was. This adds some exception text to help diagnose.

Contributes to #114129.

@vcsjones vcsjones requested review from bartonjs and Copilot May 12, 2025 17:46
Copilot
Copilot AI reviewed May 12, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances unmapped OpenSSL error handling by including the mapping function name and the raw error code in the thrown exception to aid diagnostics.

  • Updated MapOpenSsl*Code methods to throw a detailed exception instead of a generic one.
  • Added a GetUnmappedCodeException helper that formats the error message.
  • Introduced a new resource string for the unmapped OpenSSL code error.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509ChainProcessor.cs Replaced generic CryptographicException throws with calls to GetUnmappedCodeException, and added that helper method.
src/libraries/System.Security.Cryptography/src/Resources/Strings.resx Added Cryptography_UnmappedOpenSslCode resource string for formatting the new exception message.
Comments suppressed due to low confidence (1)

src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509ChainProcessor.cs:1423

  • Consider adding unit tests to verify that when an unmapped OpenSSL error code is encountered, the exception message includes the correct function name and error code.
private static CryptographicException GetUnmappedCodeException(string functionName, int code)

@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

This was referenced May 12, 2025
Open
Closed
bartonjs
bartonjs approved these changes May 13, 2025
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

I sort of want to ask "should we get rid of the assert now that we have enough data?", but, eh, in a Debug build we should definitely be seeing these and mapping them... and it shows "this exception is not something we ever want someone to see". So... I like it as it is. ("Good talk.")

@vcsjones vcsjones merged commit 24954fb into dotnet:main May 13, 2025
84 of 86 checks passed
@vcsjones vcsjones deleted the ossl-map-errors-helpful branch May 13, 2025 02:12
@build-analysis build-analysis bot mentioned this pull request May 13, 2025
Open
@vcsjones vcsjones mentioned this pull request May 13, 2025
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Jun 12, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

Copilot code review Copilot Copilot left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vcsjones @bartonjs