> Like I say, they should only do this if there was an error reported, surely?
No. Take a look at the SSL_CTX_use_certificate_chain_file: ret=SSL_CTX_use_certificate(ctx,x); if (ERR_peek_error() != 0) ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ > I guess that's an alternative, but I don't see why it should be needed. To make it explicit. Right now the function that is called does not know that the error code it puts into error stack will be used to make some decision by caller. There is implicit dependency and it is bad for code maintenance. Arne ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]