> From: owner-openssl-us...@openssl.org On Behalf Of tipo nac
> Sent: Thursday, 31 March, 2011 13:22
> I getting error in a SSL_read call.
> SSL_read return -1
Your code shows SSL_accept != 1, but the
answer is the same for SSL_read/write < 0.
> and
> SSL_get_error( GetSSL(), -1 ) return
after being passed to ERR_error_string
> error:00000005:lib(0):func(0):DH lib
The return value from SSL_get_error is not suitable for
passing to ERR_error_string and friends. Instead, compare
it to the SSL_ERROR_ values in ssl.h. 5 is SSL_ERROR_SYSCALL.
You should look at errno on Unix or [WSA]GetLastError() on Windows
(as your code does for socket-level accept() returning null).
For 5 you may also, and for 1 SSL_ERROR_SSL you should only,
get the error codes from ERR_get_error or related routines
in err.h. Note ERR_get_error NOT SSL_get_error. *Those* values
can and should be run through ERR_error_string or similar.
And there may be more than one error code in the error stack,
so you should loop:
unsigned long err;
while( (err = ERR_get_error()) != 0 ){
ERR_error_string (err, buf) and log/display buf
}
or just call ERR_print_errors[_fp] if you want the results
on a BIO or FILE (typically stderr).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
