When to call ERR_clear_error() ?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

When to call ERR_clear_error() ?

pratyush parimal
Hi all,

I have a multi-threaded SSL server application which uses
SSL_write()/SSL_read() calls.

In my write-loop, whenever SSL_write() returns <= 0, I call
SSL_get_error() to see what happened, and then proceed based on what I
find. After that, I call ERR_clear_error() because I think I need to
clear the error queue for the current thread.

Is calling ERR_clear_error() the right thing to do? The manpage for
SSL_get_error() says:

" ... SSL_get_error() inspects the current thread's OpenSSL error
queue.  Thus, SSL_get_error() must be used in the same thread that
performed the TLS/SSL I/O operation, and no other OpenSSL function
calls should appear in between.  The current thread's error queue must
be empty before the TLS/SSL I/O operation is attempted, or
SSL_get_error() will not work reliably."


My reason for calling ERR_clear_error() is to make sure that  " ...
current thread's error queue must be empty before the TLS/SSL I/O
operation is attempted ...".  My application is multi-threaded and I
don't want SSL errors from one thread to cause with other threads.
What can happen if I don't call ERR_clear_error() ? Could someone
explain the correct/reasonable places I should be using that function?

Thanks,
Pratyush
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users