Details
-
Type:
Change
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: V3.8.5.0
-
Component/s: None
-
Labels:None
-
Account:SPC EthernetIp Core (SPCETHERNET)
Description
In the TLS-common module, during startup/initialization, we should propagate some error conditions more specifically towards the user (for instance, through the startup barrier (ulSecSubsystemStatus)).
Prime example would be the consistency check between private key and certificate to fail.
Others: Key length errors, or actually: all specific startup failures or misconfigurations that are checked.
At minimum, the following error code shall be added
- Load Key related errors
- ERR_EIP_SECURITY_NO_KEY (in case the CrtDB_LoadKey() fails)
- ERR_EIP_SECURITY_BAD_KEY (in case the key type isn't supported or key doesn't match the object key requirements)
- Load Certificate related errors
- ERR_EIP_SECURITY_NO_CERT (in case the CrtDB_LoadCert() or CrtDB_LoadChain failes)
- ERR_EIP_SECURITY_KEY_CERT_MISMATCH (in case the public key from EE cert doesn't match the device key)
- (D)TLS servers errors
- ERR_EIP_SECURITY_TLS_SERVER_FAIL (In case the configuration and start of the TLS server fail)
- ERR_EIP_SECURITY_DTLS_SERVER_FAIL (In case the configuration and start of the DTLS server fail)