Skip Menu |

This queue is for tickets about the Crypt-OpenSSL-CA CPAN distribution.

Report information
The Basics
Id: 120383
Status: new
Priority: 0/
Queue: Crypt-OpenSSL-CA

Owner: Nobody in particular
Requestors: tlhackque [...]

Bug Information
Severity: Important
Broken in: 0.24
Fixed in: (no value)

Subject: Crypt::OpenSSL::CA::Error should contain more context
Download (untitled) / with headers
text/plain 1.7k
When building a certificate, set/add_extension will be called many times. When there's a problem, a Crypt::OpenSSL::CA::Error exception object is (usually) thrown. Unfortunately, it looks something like this: x $@ 0 Crypt::OpenSSL::CA::Error=HASH(0xa8a2190) '-message' => 'X509V3_EXT_conf_nid failed' '-openssl' => ARRAY(0xa8da224) 0 'error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option' In order to produce and log an informative error message, what I really want to know (at least) is the name of the extension with the issue. This means that every call has to be wrapped in a unique eval block, rather than wrapping the entire build_a_certificate method in a global eval. This rather defeats the point of an exception architecture, which is not to have to check for errors at every method call. Thus, it would be helpful if the exception object contained more data. E.g. '-item' => 'subjectAltName' # for set/add_extension, from the first argument. and from methods like set_subject_DN, something useful, like '-item' => 'subject_DN' For cases where a string is thrown (e.g. invalid extension name), please also include an item name. It would be ideal if the faulting values/options were also included. I currently use the rather ugly hack of calling wrapper routines, such as: set_extension( $cert, ... ); sub set_extension { my( $cert, $name, $value, @options ) = @_; eval { $cert->set_extension( $name, $value, @options ); }; if( $@ ) { if( ref $@ ) { $@->{-item} = $name; $@->{-args} = [ $value, @options ]; } else { chomp $@; $@ =~ s/ at .*\z//; $@ = "$name: $@\n"; } die $@; } return; } Thanks.

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to