Is there any "try catch" functionality in VCL? If not, how to handle runtime errors in vcl_init?
Batanun B
batanun at hotmail.com
Wed Apr 19 16:45:01 UTC 2023
> It's the VMOD author you should ask to have an option to ignore public
> key errors.
Well, I'm usually of the mindset that if a problem can be handled in a generic way by the language/platform/framework, then one should avoid requiring each and every custom vmod/plugin/library to handle it individually. And I'm also of the mindset that pretty much any non-trivial code can fail, and the calling code should be able to catch that if needed. :)
> This is a constructor, and even if we had a try-catch kind of
> construct in the language, I don't think we would make this one
> recoverable.
In my mind, with a try-catch I could handle it like this:
try {
new cryptoVerifier = crypto.verifier(sha256, std.fileread("/path/to/public.key"));
} catch (error) {
// log error...
// then try with with a hard coded known safe key, but that will fail when checking the signature
new cryptoVerifier = crypto.verifier(sha256, (sha256, {"
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
"});
}
With this approach, Varnish will start like normal. And the only requests failing will be the ones using the cryptoVerifier.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20230419/65637ffc/attachment-0001.html>
More information about the varnish-misc
mailing list