Bug#511519: libcrypt-openssl-dsa-perl: return values of openssl functions.

Kurt Roeckx kurt at roeckx.be
Wed Jan 28 22:12:20 UTC 2009


On Wed, Jan 28, 2009 at 11:52:18PM +0200, Damyan Ivanov wrote:
> > However those functions can also return -1 on failure.  This
> > would then mean that other applications making use of this
> > could wrongly check the return value.
> 
> Since $dsa->verify(...) croaks if the underlying OpenSSL call returns -1, 
> it seems to me that croaking in do_verify(...) is the right thing to 
> do.
> 
> From what I understand, verify() and do_verify() only differ in what 
> they accept as parameters, otherwise the semantic is the same -- 
> verify a signature.
> 
> Does in your opinion (1) patching do_verify() to croak if underlying 
> library call returns -1, (2) documenting the fact that both verify() 
> and do_verify() may croak and (3) sending the patch upstream, would 
> fix the bug?

I have no idea what croak does exactly, but if it's some
mechanism to report error conditions, like a throw in C++,
it might be a good way of doing it.

But then I have to wonder why croak isn't called in case
of a 0 return value.  Both 0 and -1 are error cases.  And
most applications don't care if 0 or -1 was returned.


Kurt
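
Added example, not part of the original message and not code from OpenSSL or Crypt::OpenSSL::DSA: a C sketch of the return-value problem discussed in this thread, where a verify call can return 1, 0 or -1 and a caller that only tests for "non-zero" treats the -1 error as success. The function model_verify() is a constructed stand-in for the library call, and all names and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a verify call with the three results named in
 * the thread: 1 = signature valid, 0 = signature invalid, -1 = failure. */
static int model_verify(const unsigned char *sig, size_t sig_len,
                        const unsigned char *expected, size_t expected_len)
{
    if (sig == NULL || sig_len != expected_len)
        return -1;                  /* could not even process the input */
    return memcmp(sig, expected, expected_len) == 0 ? 1 : 0;
}

/* Fragile caller: any non-zero result counts as success, so -1 passes. */
int accept_truthy(const unsigned char *sig, size_t sig_len,
                  const unsigned char *expected, size_t expected_len)
{
    if (model_verify(sig, sig_len, expected, expected_len))
        return 1;
    return 0;
}

/* Strict caller: only an explicit 1 counts; 0 and -1 are both rejected. */
int accept_strict(const unsigned char *sig, size_t sig_len,
                  const unsigned char *expected, size_t expected_len)
{
    return model_verify(sig, sig_len, expected, expected_len) == 1;
}

/* Constructed sample data (not real signatures). */
static const unsigned char GOOD[4]      = {1, 2, 3, 4};
static const unsigned char WRONG[4]     = {1, 2, 3, 5};
static const unsigned char MALFORMED[2] = {1, 2};

int main(void)
{
    printf("malformed input, truthy check: %d\n",
           accept_truthy(MALFORMED, sizeof MALFORMED, GOOD, sizeof GOOD));
    printf("malformed input, strict check: %d\n",
           accept_strict(MALFORMED, sizeof MALFORMED, GOOD, sizeof GOOD));
    printf("wrong signature, strict check: %d\n",
           accept_strict(WRONG, sizeof WRONG, GOOD, sizeof GOOD));
    return 0;
}
```
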





