ERR: Drop or deprecate dangerous or overly confusing functions
ERR_get_error_line() is deprecated, and ERR_get_error_func() and
ERR_get_error_data() are removed in favor of ERR_get_error_all(),
since they pop the error record, leaving the caller with only partial
error record data and no way to get the rest if the wish.
If it's desirable to retrieve data piecemeal, the caller should
consider using the diverse ERR_peek functions and finish off with
ERR_get_error().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13466)
diff --git a/doc/man3/ERR_get_error.pod b/doc/man3/ERR_get_error.pod
index 97478db..4e33378 100644
--- a/doc/man3/ERR_get_error.pod
+++ b/doc/man3/ERR_get_error.pod
@@ -4,8 +4,8 @@
ERR_get_error, ERR_peek_error, ERR_peek_last_error,
ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
-ERR_get_error_func, ERR_peek_error_func, ERR_peek_last_error_func,
-ERR_get_error_data, ERR_peek_error_data, ERR_peek_last_error_data,
+ERR_peek_error_func, ERR_peek_last_error_func,
+ERR_peek_error_data, ERR_peek_last_error_data,
ERR_get_error_all, ERR_peek_error_all, ERR_peek_last_error_all,
ERR_get_error_line_data, ERR_peek_error_line_data, ERR_peek_last_error_line_data
- obtain error code and data
@@ -18,20 +18,17 @@
unsigned long ERR_peek_error(void);
unsigned long ERR_peek_last_error(void);
- unsigned long ERR_get_error_line(const char **file, int *line);
unsigned long ERR_peek_error_line(const char **file, int *line);
unsigned long ERR_peek_last_error_line(const char **file, int *line);
- unsigned long ERR_get_error_func(const char **func);
unsigned long ERR_peek_error_func(const char **func);
unsigned long ERR_peek_last_error_func(const char **func);
- unsigned long ERR_get_error_data(const char **data, int *flags);
unsigned long ERR_peek_error_data(const char **data, int *flags);
unsigned long ERR_peek_last_error_data(const char **data, int *flags);
unsigned long ERR_get_error_all(const char **file, int *line,
- const char *func,
+ const char **func,
const char **data, int *flags);
unsigned long ERR_peek_error_all(const char **file, int *line,
const char *func,
@@ -42,6 +39,7 @@
Deprecated since OpenSSL 3.0:
+ unsigned long ERR_get_error_line(const char **file, int *line);
unsigned long ERR_get_error_line_data(const char **file, int *line,
const char **data, int *flags);
unsigned long ERR_peek_error_line_data(const char **file, int *line,
@@ -52,7 +50,7 @@
=head1 DESCRIPTION
ERR_get_error() returns the earliest error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
+queue and removes the entry. This function can be called repeatedly
until there are no more error codes to return.
ERR_peek_error() returns the earliest error code from the thread's
@@ -65,42 +63,48 @@
such as the reason of the error,
and L<ERR_error_string(3)> for human-readable error messages.
-ERR_get_error_line(), ERR_peek_error_line() and
-ERR_peek_last_error_line() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store the filename and line number where
-the error occurred in *B<file> and *B<line>, as far as they are not B<NULL>.
-An unset filename is indicated as B<"">, i.e., an empty string.
-An unset line number is indicated as B<0>.
+ERR_get_error_all() is the same as ERR_get_error(), but on success it
+additionally stores the filename, line number and function where the error
+occurred in *I<file>, *I<line> and *I<func>, and also extra text and flags
+in *I<data>, *I<flags>. If any of those parameters are NULL, it will not
+be changed.
+An unset filename is indicated as "", i.e. an empty string.
+An unset line number is indicated as 0.
+An unset function name is indicated as "", i.e. an empty string.
A pointer returned this way by these functions and the ones below
-is valid until the respective entry is removed from the error queue.
+is valid until the respective entry is overwritten in the error queue.
-ERR_get_error_func(), ERR_peek_error_func() and
-ERR_peek_last_error_func() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store the name of the function where the error occurred
-in *B<func>, unless it is B<NULL>.
-An unset function name is indicated as B<"">.
+ERR_peek_error_line() and ERR_peek_last_error_line() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store the filename and line number where the error occurred in *I<file> and
+*I<line>, as far as they are not NULL.
+An unset filename is indicated as "", i.e., an empty string.
+An unset line number is indicated as 0.
-ERR_get_error_data(), ERR_peek_error_data() and
-ERR_peek_last_error_data() are the same as ERR_get_error(),
-ERR_peek_error() and ERR_peek_last_error(), but on success they
-additionally store additional data and flags associated with the error
-code in *B<data> and *B<flags>, as far as they are not B<NULL>.
-Unset data is indicated as B<"">.
-In this case the value given for the flag is irrelevant (and equals B<0>).
-*B<data> contains a string if *B<flags>&B<ERR_TXT_STRING> is true.
+ERR_peek_error_func() and ERR_peek_last_error_func() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store the name of the function where the error occurred in *I<func>, unless
+it is NULL.
+An unset function name is indicated as "".
-ERR_get_error_all(), ERR_peek_error_all() and
-ERR_peek_last_error_all() are combinations of all of the above.
+ERR_peek_error_data() and ERR_peek_last_error_data() are the same as
+ERR_peek_error() and ERR_peek_last_error(), but on success they additionally
+store additional data and flags associated with the error code in *I<data>
+and *I<flags>, as far as they are not NULL.
+Unset data is indicated as "".
+In this case the value given for the flag is irrelevant (and equals 0).
+*I<data> contains a string if *I<flags>&B<ERR_TXT_STRING> is true.
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(),
-ERR_peek_error_all() and ERR_peek_last_error_all(), and should no longer
-be used.
+ERR_peek_error_all() and ERR_peek_last_error_all() are combinations of all
+of the above.
-An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data()
+and ERR_peek_last_error_line_data() are older variants of ERR_get_error_all(),
+ERR_peek_error_all() and ERR_peek_last_error_all(), and may give confusing
+results. They should no longer be used and are therefore deprecated.
+
+An application B<MUST NOT> free the *I<data> pointer (or any other pointers
returned by these functions) with OPENSSL_free() as freeing is handled
automatically by the error library.
@@ -115,18 +119,18 @@
=head1 HISTORY
-ERR_get_error_func(), ERR_peek_error_func(), ERR_peek_last_error_func(),
-ERR_get_error_data(), ERR_peek_error_data(), ERR_peek_last_error_data(),
-ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all()
+ERR_peek_error_func(), ERR_peek_last_error_func(),
+ERR_peek_error_data(), ERR_peek_last_error_data(),
+ERR_peek_error_all() and ERR_peek_last_error_all()
were added in OpenSSL 3.0.
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.
+ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data()
+and ERR_peek_last_error_line_data() became deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
