Query regarding SSL_ERROR_SSL during SSL handshake
Matt Caswell
matt at openssl.org
Mon Feb 24 05:02:17 UTC 2020
On 24/02/2020 03:49, Mahendra SP wrote:
> Hi Matt,
>
> Thank you for the inputs.
> I have one more query. Is it appropriate to check for the errno in this
> case and take action based on the errno values ?
No, errno should not be checked unless SSL_get_error returns
SSL_ERROR_SYSCALL.
Matt
>
> Thanks
> Mahendra
>
> On Wed, Feb 19, 2020 at 3:09 PM Matt Caswell <matt at openssl.org
> <mailto:matt at openssl.org>> wrote:
>
>
>
> On 19/02/2020 05:16, Mahendra SP wrote:
> > Hi All,
> >
> > We are using Openssl version 1.0.2h. When we call SSL_do_handshake,
> > sometimes we notice that handshake fails with error SSL_ERROR_SSL.
> > As per the documentation for this error, it is non recoverable and
> fatal
> > error. Documentation also mentions to check the error queue for
> further
> > details. Does it mean, calling SSL_get_error after SSL_ERROR_SSL will
> > give exact reason for this failure?
>
> OpenSSL has its own error stack. SSL_ERROR_SSL means that you should
> look at that error stack for further details about what caused the
> problem. For example you can use ERR_print_errors_fp() to print all the
> error descriptions to stdout/stderr:
>
> https://www.openssl.org/docs/man1.1.1/man3/ERR_print_errors_fp.html
>
> You can get more fine grained control of the error stack using the
> various ERR_* functions available. See:
>
> https://www.openssl.org/docs/man1.1.1/man3/
>
> Matt
>
More information about the openssl-users
mailing list