On Tue, Nov 26, 2002 at 10:44:15PM +0200, Arne Ansper wrote:

> I just checked. Seems that SSL_CTX_use_certificate_chain_file has a same
> problem. Other uses of ERR_peek_error seem to be immune to the old entries
> in error stack.

One theory is that applications should not call arbitrary OpenSSL
functions while there is stuff in the error queue.

A second theory is that OpenSSL should always clear the error queue by
calling ERR_clear_error() if stuff left in the error queue might cause
confusion later.

The second theory is nicer, but until someone has patched OpenSSL
appropriately, unfortunately the first theory remains true.

PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036

OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to