diff --git a/AI.md b/AI.md
index d8c4ba5..40424fc 100644
--- a/AI.md
+++ b/AI.md
@@ -47,7 +47,7 @@ unfinished work out of `TODO.md` merely because its architecture is documented.
 Latest patch marker expected in an up-to-date bundle:
-- `0476 build: route nwwebui sockets and logging through shared libs`
+- `0477 build: expose nwssl error helpers for nwwebui`
 When a later chat receives a new `mars-nwe-master` bundle, compare `git log -1` with this marker. If the uploaded bundle already contains this commit subject,
@@ -67,19 +67,17 @@ The active line is expected to include:
 Last generated patch:
-- `0476 build: route nwwebui sockets and logging through shared libs`
+- `0477 build: expose nwssl error helpers for nwwebui`
 Purpose of that patch:
-- Move the existing `nwwebui` listener onto the shared library path without
-- starting the IPC rewrite yet.
-- Link `nwwebui` against `mars_nwe::core`, `mars_nwe::ssl` and
-- `libowfat::libowfat`.
-- Route the IPv4 TCP listener/accept path through libowfat socket helpers.
-- Route `nwwebui` logging through `nwlog`, including a first file-output sink in
-- `libnwcore` so daemon-mode logs still go to the configured web UI log file.
-- Keep PAM as future recovery-only login in `nwwebui`; normal admin/auth/plugin
-- logic still belongs behind `nwadmin`.
+- Keep `nwwebui` on the shared `nwssl`/MatrixSSL compatibility path instead of
+ adding a direct OpenSSL dependency for TLS error handling.
+- Export the small OpenSSL-shaped `ERR_get_error()` and `ERR_error_string_n()`
+ surface that the SMArT-derived `nwwebui` logging path uses.
+- Make MatrixSSL compatibility errors printable through the existing
+ OpenSSL-shaped error API, so `nwwebui` can compile against `mars_nwe::ssl` and
+ log TLS failures through `nwlog`.
 Directory/NDS work order before any FLAIM storage conversion:
diff --git a/include/nwssl/openssl/err.h b/include/nwssl/openssl/err.h
index 764cb67..1230f36 100644
--- a/include/nwssl/openssl/err.h
+++ b/include/nwssl/openssl/err.h
@@ -1,4 +1,17 @@
 #ifndef MARS_NWSSL_OPENSSL_ERR_H
 #define MARS_NWSSL_OPENSSL_ERR_H
 #include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+unsigned long ERR_get_error(void);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif
diff --git a/src/ssl/CMakeLists.txt b/src/ssl/CMakeLists.txt
index 13d83b1..2b3b50f 100644
--- a/src/ssl/CMakeLists.txt
+++ b/src/ssl/CMakeLists.txt
@@ -38,6 +38,8 @@ target_compile_definitions(nwssl PRIVATE
 target_include_directories(nwssl PUBLIC
+ "$"
+ "$"
 "$"
 "$"
 "$"
diff --git a/src/ssl/openssl_compat.c b/src/ssl/openssl_compat.c
index b01390f..4bf5554 100644
--- a/src/ssl/openssl_compat.c
+++ b/src/ssl/openssl_compat.c
@@ -193,10 +193,55 @@ void SSL_load_error_strings(void) {}
 void ERR_load_BIO_strings(void) {}
 void ERR_clear_error(void) { g_last_error = 0; }
 unsigned long ERR_peek_error(void) { return g_last_error; }
+unsigned long ERR_get_error(void)
+{
+ unsigned long err = g_last_error;
+
+ g_last_error = 0;
+ return err;
+}
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+ const char *msg = "unknown";
+
+ if (!buf || len == 0) return;
+
+ switch ((int)e) {
+ case SSL_ERROR_NONE:
+ msg = "no error";
+ break;
+ case SSL_ERROR_SSL:
+ msg = "TLS protocol or MatrixSSL error";
+ break;
+ case SSL_ERROR_WANT_READ:
+ msg = "operation wants read";
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ msg = "operation wants write";
+ break;
+ case SSL_ERROR_SYSCALL:
+ msg = "system call failed";
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ msg = "TLS connection closed";
+ break;
+ default:
+ break;
+ }
+
+ snprintf(buf, len, "mars-matrixssl OpenSSL-compat error %lu: %s", e, msg);
+}
+
 void ERR_print_errors_fp(FILE *fp)
 {
 if (!fp) fp = stderr;
- if (g_last_error) fprintf(fp, "mars-matrixssl OpenSSL-compat error %lu\n", g_last_error);
+ if (g_last_error) {
+ char errbuf[128];
+
+ ERR_error_string_n(g_last_error, errbuf, sizeof(errbuf));
+ fprintf(fp, "%s\n", errbuf);
+ }
 }
 const SSL_METHOD *TLS_server_method(void) { return &g_server_method; }
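Review bot: The rewritten branch in ERR_print_errors_fp still leaves `g_last_error` set after printing it, while the new ERR_get_error consumes the code, so a caller that prints one failure and later calls ERR_get_error can log the same stale code against an unrelated connection; OpenSSL's own ERR_print_errors_fp empties the queue. Adding `g_last_error = 0;` after the `fprintf(fp, "%s\n", errbuf);` line would keep the two paths consistent. Separately, ERR_error_string_n maps every MatrixSSL failure to the single `SSL_ERROR_SSL` string, so the nwwebui log cannot tell a certificate or handshake failure from any other TLS error; if the underlying MatrixSSL return code is available where g_last_error is set (outside this hunk), carrying it into the message would make failures triageable. The declaration of g_last_error is not visible here; if it is a plain file-scope variable rather than thread-local, errors from concurrent connections would also overwrite each other, which is worth a comment next to ERR_get_error.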