> Like I say, they should only do this if there was an error reported, surely?
No. Take a look at the SSL_CTX_use_certificate_chain_file:
ret=SSL_CTX_use_certificate(ctx,x);
if (ERR_peek_error() != 0)
ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
> I guess that's an alternative, but I don't see why it should be needed.
To make it explicit. Right now the function that is called does not know
that the error code it puts into error stack will be used to make some
decision by caller. There is implicit dependency and it is bad for code
maintenance.
Arne
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
