PPlamenu
Sign in
Christine Hall@BrideOfLinux@mastodon.opencloud.lu
13h

"This is a major, systemic, pandemic of incomplete error handling. We cannot just discard unrelated errors if they become inconvenient. The code that caused the error needs to be fixed to handle it": The pandemic of incomplete OpenSSL error handling https://blog.jak-linux.org/2026/07/03/openssl-pandemic/

Blog of Julian Andres KlodeThe pandemic of incomplete OpenSSL error handlingRecently a person reported a bug in APT saying that TLS is failing on FIPS systems with MD5 errors, and suggested we call ERR_clear_error() around TLS operations. Like any serious software engineer would do, I said No. Just because one component failed to handle its errors does not mean I can go around and discard all errors in another place - the program should have failed earlier (or discarded the error when it was determined to be safe).
Jul 5, 2026, 14:40 UTCen
0000
Open original page
BoostsQuotesFavs