> Adding ERR_clear_errors() into SSL_read() etc seems to be the correct > approach. It is already handled this way in _accept(), _connect(), but > not that obvious, because it is found e.g. in ssl3_accept() which is > called depending on the method selected. > > You will often find ERR_clear_errors() combined with clear_sys_error() > but obviously not in all occasions.
I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same problem. Other uses of ERR_peek_error seem to be immune to the old entries in error stack. > Unfortunately it is not obvious enough to simply add it without some > further investigation. I will thus put this issue into the 0.9.7 queue > and will not consider it for 0.9.6h anymore. 0.9.7 is fine for me. Arne ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]