On Sat February 13 2010, John L Veazey wrote:
> On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski
> wrote:
> > From the SSL_get_error() man page:
> >
> >
> > The current thread's error queue must be empty before the TLS/SSL I/O
> > opera
I was just reading that. I believe my original answer was quite
wrong. Let me step out of the way and let someone else answer this
question.
Sorry.
On Sat, Feb 13, 2010 at 1:04 AM, Patrick M. Rutkowski
wrote:
> From the SSL_get_error() man page:
>
>
>From the SSL_get_error() man page:
The current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted, or SSL_get_error() will not work reliably.
And don't
When dealing with the high level SSL_* functions, stick with
SSL_get_error() as per s_client.c and s_server.c.
If you are doing things on a lower level, you may need to deal with
the error stack yourself; but for people new to OpenSSL, just stick
with functions starting with SSL_* or BIO_*
On Fri
I should have mentioned ERR_get_error() in my question, that's what's
most heavily on my mind. The question is if you have to call clear the
error stack with ERR_get_error() after every failed SSL call, even
failures that are often "not really failures." For example, my code
considered SSL_read() r
Patrick,
I believe the "sane state" implied here is that if you call
SSL_get_error() some of the time and not all of the time, you may be
getting information about errors that happened any time in the past
for that SSL*. It won't necessarily prevent OpenSSL from working
correctly, just your perce
As an OpenSSL newbie, I'm trouble that the man pages for SSL_write()
and SSL_read() don't stress that you should clear the error stack upon
a failed call. They suggest you check SSL_get_error(), but they make
no mention of clearing the error stack afterward, and I hear that
clearing the error stack
