feat: add alert mappings for certificate errors #4919

camshaft · 2024-11-20T20:41:27Z

This change adds more alert mappings, this time for certificate issues. This can provide a lot better insight into why the handshake is failing.

One thing to note, as is still the case from #3171, this does not return alerts on the wire. It's only for the local TLS stack.

I added EXPECT_FAILURE_WITH_ALERT in a couple of places to show the mappings coming through.

Long term, it would be nice to have some kind of snapshot tests for these mappings so we can be more exhaustive on the checks.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

tls/s2n_alerts.c

Co-authored-by: Sam Clark <[email protected]>

camshaft force-pushed the cert-alerts branch from 788761d to 91d1610 Compare November 20, 2024 20:51

feat: add alert mappings for certificate errors

104566f

camshaft force-pushed the cert-alerts branch from 91d1610 to 104566f Compare November 20, 2024 21:17

camshaft marked this pull request as ready for review November 20, 2024 21:20

camshaft requested review from lrstewart and goatgoose November 20, 2024 21:20

goatgoose approved these changes Nov 20, 2024

View reviewed changes

tls/s2n_alerts.c Outdated Show resolved Hide resolved

camshaft and others added 2 commits November 20, 2024 16:34

Update tls/s2n_alerts.c

ca85ea9

Co-authored-by: Sam Clark <[email protected]>

Merge branch 'main' into cert-alerts

8844cf5

lrstewart mentioned this pull request Nov 21, 2024

Add test to detect non-protocol errors in the alert mapping #4920

Open

lrstewart approved these changes Nov 21, 2024

View reviewed changes

camshaft enabled auto-merge (squash) November 21, 2024 00:29

Merge branch 'main' into cert-alerts

9a4b714

camshaft merged commit a097d25 into aws:main Nov 21, 2024
38 checks passed

camshaft deleted the cert-alerts branch November 21, 2024 01:49

Provide feedback