>>>>> On Wed, 12 Dec 2007 21:22:50 +0100, Jurko Gospodnetić said:
>
> Hi.
>
> Could someone more knowledgeable with OpenSSL please explain to me
> exactly how the OpenSSL error information queue (accessed using
> ERR_get_error(), SSL_get_error() and related APIs) is supposed to be used.
>
> Is every failing OpenSSL API expected to push something into this queue?
>
> Can a failing OpenSSL API be expected to push more than 1 element
> into this queue?
>
> Is every OpenSSL API caller expected to check and clear the OpenSSL
> error information queue afterwards?
>
> Can ERR_get_error() return 0 even if the OpenSSL error information
> queue is not empty?

I don't know the answers to these, but...

> I started wondering about whether we interpreted this OpenSSL error
> information queue management correctly after in one of our applications
> OpenSSL SSL_read() API returned -1 but did not push corresponding error
> information into the OpenSSL error information queue (ERR_get_error()
> returned 0). This happened as an isolated incident on a multiple-user
> server being tested under heavy load (many clients opening and closing
> SSL connections, sending and receiving data at the same time).

Yes, sometimes there is nothing on the error queue after SSL_get_error() has
returned SSL_ERROR_SYSCALL.

Also, if your app is multithreaded then don't forget to implement all of the
crypto locking/threadid functions, otherwise there will be confusion about
error codes between the threads.

__Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]