> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Steve Holme
> Sent: Wednesday, November 26, 2014 13:27
> To: openssl-users@openssl.org
> Subject: SSL_CTX_use_certificate_chain_file() can return zero on success
> 
> I have built a debug version of the OpenSSL DLLs for use with our app and
> found that the problem lies with the following code from line 770 of 
> ssl_rsa.c:
> 
> 
>     /* When the while loop ends, it's usually just EOF. */
>     err = ERR_peek_last_error();
>     if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
>         ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
>         ERR_clear_error();
>     else
>         ret = 0; /* some real error */
> 
> ERR_peek_last_error() is returning zero which is then causing
> SSL_CTX_use_certificate_chain_file() to also return zero due to the "ret = 0".

I've seen this before when running against an OpenSSL build that was not built 
correctly for threading. The problem was that ERR_peek_last_error wasn't always 
actually looking at the correct thread error queue.

In particular, take a look at how your thread-ID callback works, if you're 
using CRYPTO_set_id_callback. If you're not using CRYPTO_set_id_callback, I'm 
not sure off the top of my head what OpenSSL uses for the thread ID.


-- 
Michael Wojcik
Technology Specialist, Micro Focus
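
A toy model of the failure mode described in the reply above, added here as an illustration; it is not OpenSSL source and not code from either poster. It assumes a per-thread error slot selected by a thread-ID callback, and every `model_*` name, both callbacks and the error value are hypothetical.

```c
#include <stdio.h>

/* Toy model, NOT OpenSSL code: one "last error" slot per thread ID. */
#define MAX_THREADS 4
#define MODEL_NO_START_LINE 42UL   /* constructed stand-in for the EOF marker */

typedef unsigned long (*id_cb_t)(void);

static unsigned long last_err[MAX_THREADS]; /* last error, indexed by thread ID */
static id_cb_t id_cb;                        /* stand-in for the thread-ID callback */

static unsigned long *slot(void) { return &last_err[id_cb() % MAX_THREADS]; }
static void model_put_error(unsigned long e) { *slot() = e; }
static unsigned long model_peek_last_error(void) { return *slot(); }
static void model_clear_error(void) { *slot() = 0; }

/* Consistent callback: one thread always maps to the same ID. */
static unsigned long stable_id(void) { return 1; }

/* Inconsistent callback (assumed fault): the ID differs between two
 * calls made by the same thread, so put and peek hit different slots. */
static unsigned long unstable_id(void) { static unsigned long n; return n++; }

/* Same shape as the quoted check: the read loop ends at EOF, which is
 * reported through the error queue and then inspected by the caller. */
static int model_load_chain(id_cb_t cb)
{
    int ret = 1;
    unsigned long err;
    int i;

    for (i = 0; i < MAX_THREADS; i++)
        last_err[i] = 0;
    id_cb = cb;

    model_put_error(MODEL_NO_START_LINE);  /* reader hits end of file */
    err = model_peek_last_error();         /* may look in the wrong slot */
    if (err == MODEL_NO_START_LINE)
        model_clear_error();
    else
        ret = 0;                           /* err == 0 is treated as failure */
    return ret;
}

int main(void)
{
    printf("stable ID callback:   ret = %d\n", model_load_chain(stable_id));
    printf("unstable ID callback: ret = %d\n", model_load_chain(unstable_id));
    return 0;
}
```

In the model, a peek that returns zero falls into the `else` branch exactly as in the quoted check, so the load reports failure even though nothing went wrong.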


