> Adding ERR_clear_errors() into SSL_read() etc seems to be the correct
> approach. It is already handled this way in _accept(), _connect(), but
> not that obvious, because it is found e.g. in ssl3_accept() which is
> called depending on the method selected.
> You will often find ERR_clear_errors() combined with clear_sys_error()
> but obviously not in all occasions.

I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
problem. Other uses of ERR_peek_error seem to be immune to the old entries
in error stack.

> Unfortunately it is not obvious enough to simply add it without some
> further investigation. I will thus put this issue into the 0.9.7 queue
> and will not consider it for 0.9.6h anymore.

0.9.7 is fine for me.


OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to